5 Replies Latest reply on Oct 2, 2015 11:49 AM by Bill Robinson

    BSA Active Directory Implementation

      Hi,

       

      We want to integrate BSA with Active Directory so that windows and linux administrator can use their same credential to login into the BSA application. We have configured BSA in multiple appserver envoronment (MAS). While going through the documentation, I can see where we have to mention app server host in the keytab file.

       

      Could you please tell me, Do we need to create keytab file for each application server or we can mention multiple app server host in the same keytab file so that we can use single keytab file??

       

      Any help would be appreciated.

       

       

      Regards,

        • 1. Re: BSA Active Directory Implementation
          Bill Robinson

          ?there's two ways to do authentication w/ AD.  you can use 'domain' authentication where the user types in their AD username and password to the bsa console and then the login is processed.  this does not require a keytab file.  there's 'ADK/SSO' which does use the keytab, and requires registry changes on each workstation and re-uses the kerberos token from the workstation to login w/o the user typing in anything to the bsa console to login.  for the later, you can use the same keytab file across all appservers.

          • 2. Re: BSA Active Directory Implementation

            Hi Bill,

             

            Thanks for the information but i want to ask you what is your suggestion on this as our requirement is windows and unix administrator should use their same credential in bsa application what they are using for login into windows and unix servers.

             

            So, should we proceed with domain authentication or ADS??

             

             

            Regards,

            • 3. Re: BSA Active Directory Implementation
              Bill Robinson

              the users login to the unix servers w/ their ad account via centrify or ldap (to ad) ??

               

               

              domain auth is the easiest to setup.

              • 4. Re: BSA Active Directory Implementation

                Hi Bill,

                 

                Unix users uses their id with local password to login into unix servers.

                 

                 

                Regards,

                • 5. Re: BSA Active Directory Implementation
                  Bill Robinson

                  "windows and unix administrator should use their same credential"

                  so you want windows users to login w/ their AD credentials, and you want unix users to login w/ a local account that maybe present on some unix servers?  you have no centralized management of the user accounts for unix ?  if that's the case, i don't see how you can accomplish what you want for the unix users.  do the unix users have AD accounts ?