
Service account change for Windows AD Authentication

Jul 20, 2017 at 09:45 AM

Former Member

Team,

We are planning to change the service account that we use for Windows AD authentication. We have an Enterprise alias for every Windows AD user, so there are no issues with data.

Please let me know the best process to make the changes, and provide the documentation if there is any.

Thanks,

Srikanth


1 Answer

Tim Ziemba
Jul 20, 2017 at 04:09 PM
0

The standard KBA 1631734 shows there are 3 primary places for a service account:

1) running the SIA (added to local admin group)

2) in the CMC (AD plugin administration account)

3) in the web/app Java options (as password) or in the global.properties (as password or keytab)

Check all the locations; you will need to update them all. It's possible that the account could be used for non-auth-related functions, such as scheduling to a file location, but that wouldn't be covered under the authentication config.

-Tim

Former Member

Hello Tim,

Thank you for the details. I made the changes below in my environment.

1. Updated the new service account details for Tomcat and SIA.

2. Replaced the keytab file.

3. Updated the required details in the war files.

Then I started Tomcat and the SIA. They show as running, but when I try to log in to the environment using Enterprise authentication, it does not allow me to log in.

I have not made any changes to bscLogin.conf or krb5.ini, and have not changed the details for Windows AD under Authentication in the CMC. Why is it not allowing me to log in using the Enterprise credentials when Tomcat and the SIA are up and running?

Thanks

Srikanth

0

Nothing about the AD account would affect Enterprise unless the CMS did not start. Sometimes the SIA starts and the CMS does not (check in Windows Task Manager). A typo in the password could be the fault, or look at the Microsoft security and system logs.

0
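The checks suggested in this thread (which services use the account, and what the Windows System and Security logs recorded after the change) can be run from an elevated PowerShell session on the BI server. This is an added example, not part of the original thread or of KBA 1631734; the two account names are placeholders and the 24-hour window is an assumption.

```powershell
# Added example. Account names below are placeholders; substitute your own.
$OldAccount = 'OLD-SVC-ACCOUNT'   # placeholder: the service account being retired
$NewAccount = 'NEW-SVC-ACCOUNT'   # placeholder: the replacement service account
$Since      = (Get-Date).AddHours(-24)   # assumed look-back window
$Pattern    = '{0}|{1}' -f [regex]::Escape($OldAccount), [regex]::Escape($NewAccount)

# 1) Windows services configured to log on as either account.
#    StartName holds the logon identity (DOMAIN\user or user@domain).
#    Any service still listed under the old account has not been updated.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -match $Pattern } |
    Select-Object Name, DisplayName, StartName, State |
    Format-Table -AutoSize

# 2) System log, Service Control Manager errors since the change:
#    7000 = service failed to start
#    7038 = service could not log on with the configured password
#    7041 = account lacks the "Log on as a service" right
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7000, 7038, 7041
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 3) Security log, failed logons (event 4625) that name either account.
#    A mistyped password for the new account shows up here.
Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = $Since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $Pattern } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -Wrap
```

This covers only the Windows service and event log side; the CMC AD plugin account and the password or keytab in the web/app configuration still have to be checked in the product itself.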