WinNT Domain Connection Requirements

For the Policy Server to connect to your WinNT domain, it must meet the following requirements:

Note: For Windows deployments, SiteMinder establishes the Windows user context by passing the user's fully qualified Windows ID and password to IIS. SiteMinder obtains the fully qualified Windows ID from the user's DN entry by concatenating the first cn and dc values found in the DN. For example, if the user DN is:

cn=<username>,cn=<usergroup>,dc=<server>,dc=<domain>,dc=<extension>

The resulting Windows ID is <server>\<username>. IIS requires that <username> be the same as the Windows user ID, and that <server> be the logon domain name.

The Policy Server authenticates against WinNT and can authorize users based on their individual identities and group membership.

When authenticating against a WinNT namespace, the Policy Server passes user credentials to WinNT for authentication. The credentials are the user's WinNT user name and password. In a SiteMinder environment where multiple WinNT namespaces are defined, user authentication is faster if the user name supplied to SiteMinder includes the domain name (that is, domain\username). In that case, SiteMinder skips all WinNT namespaces that do not match the specified domain name.
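The following Python example is added here for illustration and is not CA's code; SiteMinder's own DN parsing is not shown on this page. It derives the Windows ID from a DN using the first-cn, first-dc rule in the note above, and shows which WinNT namespaces remain to be queried when the supplied name carries a domain prefix. The function names, the sample DNs and domain names, the single-character backslash escape handling, and the case-insensitive domain match are assumptions.

```python
def split_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash escapes the next character."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        if not part.strip():
            continue  # tolerate a trailing comma
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def windows_id(dn):
    """Derive <server>\\<username> from the first cn and first dc value in the DN."""
    pairs = split_dn(dn)
    cn = next((v for a, v in pairs if a == "cn"), None)
    dc = next((v for a, v in pairs if a == "dc"), None)
    if not cn or not dc:
        raise ValueError("DN must contain at least one cn and one dc value")
    return f"{dc}\\{cn}"


def namespaces_to_try(supplied_name, namespaces):
    """Return (namespaces still to query, bare user name) for a supplied login name."""
    domain, sep, user = supplied_name.partition("\\")
    if not sep:
        return list(namespaces), supplied_name  # no domain given: every namespace is tried
    # Assumption: domain names are compared case-insensitively.
    return [n for n in namespaces if n.lower() == domain.lower()], user


# Constructed sample data, not taken from a real directory.
GOOD_DN = "cn=jsmith,cn=Engineering,dc=CORP01,dc=example,dc=com"
MISORDERED_DN = "cn=Engineering,cn=jsmith,dc=example,dc=CORP01"
```

Comparing `windows_id()` output against each account's actual logon name over a directory export flags entries such as `MISORDERED_DN`, where the group name lands in the user position and the wrong dc value becomes the logon domain.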

WinNT user names and passwords can be used as credentials.

Note: To authenticate users against a WinNT domain, the Policy Server must run on WinNT.


Copyright © 2010 CA. All rights reserved.