on 2017 Jul 20 10:45 AM
Team,
we are planning to change the service account which we are using for windows AD authentication and we have Enterprise alias for every windows AD user so no issues with data.
Please, let me know what is the best process to make the changes and provide the documentation if there is any.
Thanks,
Srikanth
The standard KBA 1631734 shows there are 3 primary places for a service account
1) running the SIA (added to local admin group)
2) in the CMC (AD plugin administration account)
3) In the web/app java options (as password) or in the global.properties (as password or keytab)
Check all the locations you will need to update them all. It's possible that the account could be used for non auth related functions such as scheduling to a file location but wouldn't be covered under the authentication config.
-Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Tim,
Thank you for the details. Here, I did below changes in my environment.
1. Updated the new service account details for Tomcat and SIA.
2. Replaced the keytab file.
3. Updated the required details in war files.
Then I started the Tomcat and SIA, it's showing that as running and when i try to login to environment using enterprise authentication. it is not allowing me to login.
I have not made any changes to bscLogin.conf and krb5.ini and not changed details for the windows AD under the Authentication in CMC. Why it is not allowing me to login using the enterprise credentials when Tomcat and SIA is up & running?
Thanks
Srikanth
User | Count |
---|---|
68 | |
8 | |
8 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.