...
On the Linux platform, authentication within one domain (IPSTEST.SK) and between two domains was tested (hi.exe run under a user in the IPESOFT.SK domain, D2000 server on a Linux server in the IPSTEST.SK domain. In both cases, the value of the AuthSecPrinc parameter was set to SRVAPP$@IPSTEST.SK, where SRVAPP is the name of a Linux computer joined in the Windows domain.
Note 1: if the D2000 Server is started with the start parameter /E+RTM.ADGROUP_MEMBERSHIP_QUERY (or the RTM.ADGROUP_MEMBERSHIP_QUERY parameter is activated at runtime in the D2000 System Console), then, as part of Kerberos/NTLM authentication, the user's membership in groups in Active Directory (AD) is queried. This information is then sent to the D2000 Event Handle process, where it is possible to enable/disable the user's login and possibly set the appropriate authorizations for the application.
Note 2: By default, the D2000 Server (Kernel) performs Kerberos/NTLM authentication and queries the user's membership in AD groups. It is possible to move this functionality to the D2000 Event Handler process (e.g. for network reasons). Such a process must be run with the "–ADAUTHENTICATOR" parameter. If multiple such processes are running, authentication is performed by the last started process.
| Kotva | ||||
|---|---|---|---|---|
|
...