For the Policy Server to connect to your WinNT domain, the domain must meet the following requirements:
Note: These requirements may be met by default if you use the default configuration for your WinNT domain. Your WinNT domain administrator should verify that the domain meets the above requirements.
Note: For Windows deployments, SiteMinder establishes the Windows user context by passing the user's fully qualified Windows ID and password to IIS. SiteMinder obtains the fully qualified Windows ID from the user's DN entry by concatenating the first cn and dc values found in the DN. For example, if the user DN is:
cn=<username>,cn=<usergroup>,dc=<server>,dc=<domain>,dc=<extension>
The resulting Windows ID is <server>\<username>. IIS requires that <username> be the same as the Windows user ID, and that <server> be the logon domain name.
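The derivation described above can be checked against directory entries before relying on it. The following Python sketch is an added example, not CA or SiteMinder code: the function names and sample DNs are constructed, and it assumes backslash-escaped DN values and single-valued RDNs.

```python
import re

def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def unescape(value):
    """Undo \\XX hex escapes (single byte only) and \\<char> escapes."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def windows_id_from_dn(dn):
    """Return '<first dc>\\<first cn>' as described above, or None if either is absent."""
    first = {}
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if sep:
            first.setdefault(attr.strip().lower(), unescape(value.strip()))
    if "cn" not in first or "dc" not in first:
        return None
    return first["dc"] + "\\" + first["cn"]

def audit(entries):
    """Return (dn, derived, expected) for entries whose derived ID is not the expected logon ID."""
    return [(dn, got, want) for dn, want in entries
            if (got := windows_id_from_dn(dn)) is None or got.lower() != want.lower()]

# Constructed sample directory entries: (user DN, Windows logon ID the account really has)
SAMPLE = [
    ("cn=jdoe,cn=Users,dc=CORP,dc=example,dc=com", "corp\\jdoe"),
    ("cn=Doe\\, Jane,cn=Users,dc=CORP,dc=example,dc=com", "CORP\\jadoe"),
    ("cn=asmith,ou=Staff,dc=example,dc=com", "CORP\\asmith"),
    ("uid=bob,ou=People,dc=CORP", "CORP\\bob"),
]

if __name__ == "__main__":
    for dn, got, want in audit(SAMPLE):
        print(f"MISMATCH dn={dn!r} derived={got!r} expected={want!r}")
```

The three flagged sample entries show the cases to look for: a first cn that is a display name rather than the Windows user ID, a first dc that is not the logon domain, and a DN with no cn at all.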
The Policy Server authenticates against WinNT and can authorize users based on their individual identities and group membership.
When authenticating against a WinNT namespace, the Policy Server passes user credentials to WinNT for authentication. The credentials are the user's WinNT user name and password. In a SiteMinder environment where multiple WinNT namespaces are defined, user authentication is faster if the user name supplied to SiteMinder includes the domain name (that is, domain\username). In that case, SiteMinder skips all WinNT namespaces that do not match the specified domain name.
WinNT user names and passwords can be used as credentials.
Note: To authenticate users against a WinNT domain, the Policy Server must run on WinNT.
Copyright © 2010 CA. All rights reserved.