After meeting the prerequisites described in the previous section, you can configure the connection.
Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.
To configure a Windows directory connection
In the NT Domain Name field, enter the name of the WinNT domain, computer within the WinNT domain, or stand-alone WinNT computer:
To define a namespace that represents global users and groups in a WinNT domain, specify the name of the domain in the NT Domain Name field. For user accounts in domains, SiteMinder supports both domain authentication and trusted domain authentication. For domain authentication to work, the system on which the Policy Server is installed must have a computer account in the appropriate domain. If this system does not have a computer account in all domains in which users need to be authenticated, the appropriate trust relationships must be established between domains.
You can change the NT account under which the Policy Server is running. To do so, open the Settings, Control Panel, Services dialog, and change the account under which the Policy Server is running to an account that has the necessary privileges to access the specified domain. This account must have the Act As Part of Operating System system privilege.
To define a namespace that represents local users and groups in a computer that is a member of a domain, specify the name of the domain, followed by the name of the computer in the NT Domain Name field. The domain name and computer name must be separated by a forward slash (/). If you do not specify the name of the computer, performance during searches may suffer.
For example, if a domain called SampleDomain contains a computer called Comp1 which contains user information, you can enter the following in the NT Domain Name field:
SampleDomain/Comp1
To define a namespace that represents local users and groups in a stand-alone computer, specify the name of the computer in the NT Domain Name field. The stand-alone computer must have a Policy Server installed on it in order for this namespace to be accessible. There may be an initial delay when the Policy Server accesses this namespace for the first time.
Note the following:
If you cannot access the user directory after supplying credentials, your network may require that you run the Policy Server from a privileged account.
If your network requires credentials, enter the username for an account that has administrative privileges for the WinNT user directory. This account is used by SiteMinder to enable or disable users, and to access trusted domains. This account does not need to be the default administrator account, but it must be an account with the appropriate privileges.
If you specified a computer name in the NT Domain Name field, you must enter the computer name, followed by a backslash (\), followed by the name of the user account that has appropriate privileges.
For example, if you are entering credentials for a user called jsmith on a computer called Comp1, you enter the following:
Comp1\jsmith
For information about WinNT account privileges, see your Windows NT documentation.
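As an added example (not part of the original documentation and not CA tooling), the following PowerShell script reports which account the Policy Server service runs under and whether that account is directly assigned the Act As Part of Operating System right, which appears as SeTcbPrivilege in a security policy export. The service name is a placeholder to replace, and rights granted through group membership are not expanded.

```powershell
param(
    # Placeholder: the page does not name the Windows service; set it for your host.
    [string]$ServiceName = '<PolicyServerServiceName>'
)

function Resolve-Sid([string]$Account) {
    # secedit lists holders as SIDs or names; normalise both to SID strings.
    if ($Account -match '^S-1-') { return $Account }
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }   # unresolvable (deleted account, empty entry)
}

function Get-UserRightHolder([string]$Right) {
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user-rights area of the security policy (needs elevation).
        secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
        $line = Get-Content $cfg | Where-Object { $_ -match "^\s*$Right\s*=" }
        if (-not $line) { return @() }   # right is assigned to nobody
        ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { Resolve-Sid ($_.Trim().TrimStart('*')) }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }

# Local accounts are stored as '.\name'; NTAccount needs 'COMPUTER\name'.
$account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
if ($account -eq 'LocalSystem') {
    "$ServiceName runs as LocalSystem, which already holds SeTcbPrivilege."
    return
}

$sid     = Resolve-Sid $account
$holders = @(Get-UserRightHolder 'SeTcbPrivilege' | Where-Object { $_ })
[pscustomobject]@{
    Service          = $ServiceName
    Account          = $account
    AccountSid       = $sid
    # Direct assignment only; rights inherited through groups are not expanded.
    HasSeTcbDirectly = [bool]$sid -and ($holders -contains $sid)
    OtherHolders     = @($holders | Where-Object { $_ -ne $sid })
}
```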
A SiteMinder Web Agent can provide a Windows user security context for accessing Web resources in IIS Web servers. In the Credentials and Connection tab, you can specify whether or not SiteMinder should provide a Windows user security context. This enables the IIS server to enforce Windows access control mechanisms.
Copyright © 2011 CA. All rights reserved.