31 Replies. Latest reply on Mar 4, 2010 12:24 PM by Bill Robinson

    Single sign on access - BladeLogic\Active Directory

      Can anybody point me in the right direction to integrate Active Directory with a BladeLogic server which is installed on Windows 2003? The only documentation I can find is related to Unix installs. Many thanks.

        • 1. Re: Single sign on access - BladeLogic\Active Directory

          What version of BladeLogic are you using?

          • 2. Re: Single sign on access - BladeLogic\Active Directory
            Bill Robinson

            It's in the BladeLogicAdministration pdf.

            • 3. Re: Single sign on access - BladeLogic\Active Directory

              bladelogic.doc

              Hi, I've been through the process in this doc, however when I try to log in I get "requested authentication method is disabled on AuthSvc". However, I have run from the Application Server Administration screen: set AuthServer IsADKAuthEnabled true.

               

              thanks.

              • 4. Re: Single sign on access - BladeLogic\Active Directory
                Bill Robinson

                can you post your appserver logs and the output of:

                 

                blasadmin -s <your app instance> show all

                • 5. Re: Single sign on access - BladeLogic\Active Directory

                  Hi,

                   

                  I have been through the document, however I get the following:

                  I have enabled authentication through the Application Server configuration console.

                   

                  regards.

                  • 6. Re: Single sign on access - BladeLogic\Active Directory

                    H:\>blasadmin -s eidpeubdl101l show all
                    blasadmin now running against deployment: eidpeubdl101l
                    Unable to find directory for deployment eidpeubdl101l.  Commands will not be run against this deployment.
                    No deployments found. Exiting...

                     

                    Appserver logs:

                     

                     

                     

                    regards.

                    • 7. Re: Single sign on access - BladeLogic\Active Directory
                      Bill Robinson

                      The instance name is probably 'default' then. Run that again. And there's nothing in the br/appserver.log file?

                      • 8. Re: Single sign on access - BladeLogic\Active Directory

                        Hi Bill,

                         

                        How do I change the instance name?

                         

                        Nothing in the appserver.log file.

                         

                        regards.

                        • 9. Re: Single sign on access - BladeLogic\Active Directory
                          Bill Robinson

                          The instance name is listed in the 'infrastructure management' menu in the CM GUI (under tools) - you can also modify the configuration from here. Otherwise you would use blasadmin from the command line like "blasadmin -s default" to modify the instance named 'default'.

                          Also, are you trying to use the ADK authentication or 'domain' authentication?

                          And... you must restart the appserver service after you make the config changes.

                          • 10. Re: Single sign on access - BladeLogic\Active Directory

                            Under tools\infrastructure management\ If I right-click application server I am only given the following options:

                            I am logged in as the BLAdmin account.

                            With regards to ADK authentication - I get the following error: No TGT found please obtain a TGT first

                            With domain authentication - I get requested authentication method disabled on Authsvc

                            • 11. Re: Single sign on access - BladeLogic\Active Directory

                              SSO Issue.JPG

                               

                              Attached screenshot to previous post

                              • 12. Re: Single sign on access - BladeLogic\Active Directory
                                Bill Robinson

                                Which authentication type are you trying to configure - domain or ADK ?

                                 

                                Did you follow the guide for this in the BladeLogicAdministration.pdf (for whichever auth type you are trying to configure)?

                                 

                                Can you send the output of the command:

                                 

                                blasadmin -s default show all

                                 

                                and then post the contents of the blappserv_krb5.conf and blappserv_login.conf files.

                                • 13. Re: Single sign on access - BladeLogic\Active Directory

                                  Followed the instructions for Active Directory\Kerberos authentication.

                                  Output from: blasadmin -s default show all

                                   

                                  EIDPEUBDL101L% blasadmin -s default show all

                                  blasadmin now running against deployment: default

                                  AccountLockoutDuration:0

                                  AccountLockoutThreshold:0

                                  MaxPasswordAge:0

                                  MinPasswordLength:0

                                  EnableAgentRpc:false

                                  SecureFilePath:

                                  AppServerInstrumentationFilePath:

                                  AppServerInstrumentationRolloverCount:10

                                  AppServerInstrumentationRolloverSize:10000

                                  AppServerName:eidpeubdl101l

                                  AppSvcPort:9841

                                  AssetPathCacheMaxSize:50

                                  AuditCacheMaxSize:50

                                  BlTargetJobManagerTimeout:90

                                  CLRProxyPort:

                                  CertPasswd:KKBWOUNTTTZXBOZNATANMBKTXKWXQXWWXELMEWPBUQTMVKPBKBBVZOZWBWAKTTTU

                                  CertStore:bladelogic.keystore

                                  ComplianceResultMaxNumberOfAssets:100

                                  ComponentCacheMaxSize:100

                                  ConditionFormatLocaleCountry:

                                  ConditionFormatLocaleLanguage:

                                  ConditionFormatLocaleVariant:

                                  DisplayName:EIDPEUBDL101L

                                  EnableAtriumIntegration:

                                  EnableInstrumentation:false

                                  EnableProxyInspection:true

                                  EnableSessionBasedCaching:true

                                  FileSystemObjectCacheMaxSize:50000

                                  HTTPProxyName:pershingie.pershing.co.uk

                                  HTTPProxyPassword:WPMPALBOQAAPALXLAMQUMOXPXAVQBKVANUWZTWUMBOZELNBAMKOATOPZTBLTBNME

                                  HTTPProxyPort:8080

                                  HTTPProxyUser:pershingeurope\serviceisa

                                  Hostname:

                                  IdleConnectionPruneTime:120

                                  IdleNshProxyPruneTime:120

                                  KRB5ProxyPort:

                                  Krb5Config:

                                  Krb5LoginConfig:

                                  Krb5Port:

                                  MaxClientContexts:200

                                  MaxJMXConnections:20

                                  MaxJobThreads:5

                                  MaxJobs:20

                                  MaxLightweightWorkItemThreads:0

                                  MaxNshProxyContexts:20

                                  MaxNshProxyThreads:3

                                  MaxPort:9899

                                  MaxTimeForCancelToFinish:10

                                  MaxWorkItemThreads:50

                                  MaxWorkerThreads:10

                                  MinPort:9850

                                  MultiAppServerEnabled:

                                  NshProxyKrb5Config:

                                  NshProxyKrb5LoginConfig:

                                  NshProxyMaxThreadIdleTime:500

                                  NshProxySocketConnectTimeout:60

                                  NshProxySocketOperationTimeout:7200

                                  NshProxySocketsBindAddress:all

                                  PWDStore:

                                  PropagateWorkItemTimeout:true

                                  ProxySvcPort:

                                  RegistryPort:9836

                                  RemoteServerTimeout:60

                                  RequireClientAuthentication:true

                                  RestartIdleProvisionJobs:false

                                  SRPPort:9829

                                  SRPProxyPort:

                                  SSLPort:9831

                                  ServerMonitorInterval:10

                                  SnapshotCacheMaxSize:100

                                  SocketConnectTimeout:60

                                  SocketOperationTimeout:7200

                                  SocketTimeout:600

                                  SocketsBindAddress:all

                                  TemplateCacheMaxSize:100

                                  UseSSLSockets:false

                                  ValidateClientIpAddress:

                                  ValidateRequestURL:

                                  VersionCompatibilityCheck:minor

                                  MaxConfigRecords:50000

                                  ActiveDirectoryLdapUrl:

                                  ActiveDirectorySearchBase:

                                  AppServiceURLs:

                                  AuthSvcKrb5Config:blappserv_krb5.conf

                                  AuthSvcKrb5LoginConfig:blappserv_login.conf

                                  AuthSvcPort:9840

                                  AuthSvcSocketTimeout:75

                                  AuthSvcSocketsBindAddress:all

                                  IsADKAuthEnabled:true

                                  IsActiveDirectoryLdapCheckEnabled:

                                  IsDomainAuthEnabled:false

                                  IsLdapAuthEnabled:true

                                  IsSRPAuthEnabled:true

                                  IsSSOCredRefreshEnabled:true

                                  IsSecurIdAuthEnabled:

                                  IsSsoRefreshHostnameCheckEnabled:

                                  LdapUserDnTemplate:

                                  LdapUserValidationFilter:

                                  MaxAuthSvcContexts:20

                                  MaxAuthSvcThreads:3

                                  MaximumSessionCredentialLifetime:

                                  ProxyServiceURLs:

                                  ReportServiceURLs:

                                  SessionCredentialLifetime:

                                  AutoGeneratedRetentionTime:0

                                  DatabaseCleanupFilterEnabled:true

                                  EnableRetentionPolicy:false

                                  GroupsMustBeEmpty:

                                  AutoCreate:

                                  DefaultImportAndUpdateFolder:/importAndUpdate

                                  EnableRetentionPolicy:false

                                  GroupsMustBeEmpty:false

                                  InstrumentationEnabled:

                                  PropertySync:false

                                  ShowNoAccessNodes:true

                                  ConnectionString:jdbc:sqlserver://eidsrascm001l:1433;DatabaseName=BladeLogic;SelectMethod=cursor

                                  DatabaseInstrumentationFilePath:

                                  DatabaseInstrumentationRolloverCount:10

                                  DatabaseInstrumentationRolloverSize:10000

                                  DatabaseVersion:7.6.0

                                  DriverClass:com.microsoft.sqlserver.jdbc.SQLServerDriver

                                  FetchSize:100

                                  MaxClientConnections:100

                                  MaxGeneralConnections:100

                                  MaxJobExecutionConnections:100

                                  MinClientConnections:0

                                  MinGeneralConnections:0

                                  MinJobExecutionConnections:0

                                  MinTimeToLog:0

                                  Password:ZNKNAAEBMQKEXAVOLXBWQOLZQAZEOPMBEKOBAKLLABWTXKVPKPZXVEELWONEBBNZ

                                  TransactionAttempts:10

                                  UserId:ServiceSQLBDL

                                  AutomaticInterval:0

                                  AutomaticServers:

                                  MaxStoredResults:20

                                  MaxWaitTime:5

                                  AssignmentLoadFactor:2

                                  fromaddress:

                                  smtpserver:

                                  techsupport:

                                  location:/E/BladeLogic/Storage

                                  name:eidpeubdl101l

                                  ConnectionTimeoutMs:

                                  DefaultPassword:

                                  DefaultUser:

                                  IsHostValidationEnabled:

                                  LdapServerURLs:

                                  TrustStore:

                                  EmailNotificationLevel:

                                  EmailRecipients:

                                  JMXManagementPort:9838

                                  JmxNotificationLevel:

                                  SnmpNotificationLevel:

                                  SnmpRecipients:

                                  SnpAudPkgCrossMounts:false

                                  SnpAudPkgNetworkMounts:false

                                  AutoRemediate:false

                                  location:/c/Perl/bin/perl.exe

                                  KeyStoreFileName:bladelogic.keystore

                                  KeyStorePassword:TLWMMLMVNMXOMNQUTUXBQWPZEPTTNOMXOVTLUVVXBAUTBOAQZTBNVPKBAAXEEKAE

                                  RegistryPort:1067

                                  SpawnExternally:false

                                  default_address:null

                                  domain:null

                                  interface_to_bind:null

                                  is_use_broadcast:null

                                  is_use_multicast:null

                                  listen_port:null

                                  mtftp_address:null

                                  mtftp_client_port:null

                                  mtftp_server_port:null

                                  multicast_address:null

                                  prompt_timeout:null

                                  tftpd_base_dir:null

                                  EvaluateJobRules:

                                  EvaluateRepeaterRules:true

                                  EvaluateSocksProxyRules:true

                                  MaxNumberOfWaitCycles:0

                                  MaxWaitTimePerWaitCycle:60

                                  MaxJobTimeInSchedulerQ:60

                                  AgentHost:null

                                  ConfigFilePath:null

                                  LogFilePath:null

                                  LogLevel:OFF

                                  LogToFile:false

                                  NodeSecretFilePath:null

                                  OptionsFilePath:null

                                  ReadConfigInterval:600

                                  StatusFilePath:null

                                  MaxSmartGroupItems:

                                  SnmpPort:162

                                  SnmpServer:

                                  MaxWaitTime:5

                                  EIDPEUBDL101L%

                                   

                                   

                                  Contents of blappserv_krb5.conf:

                                   

                                  [libdefaults]

                                  ticket_lifetime = 6000

                                  default_realm = PERSHINGEUROPE.EU

                                  default_tkt_enctypes = des-cbc-md5

                                  default_tgs_enctypes = des-cbc-md5

                                  PERSHINGEUROPE.EU = {

                                  kdc = eiddcspeu001l.PERSHINGEUROPE.EU:88

                                  }

                                   

                                  Contents of blappserv_login.conf:

                                   

                                  com.sun.security.jgss.accept {

                                  com.sun.security.auth.module.Krb5LoginModule required

                                  useKeyTab=true

                                  keyTab="D:
                                  Program Files
                                  BMC BladeLogic\OM\br "

                                  storeKey=true

                                  principal="blauthsvc/eidpeubdl101l@PERSHINGEUROPE.EU"

                                  doNotPrompt=true

                                  debug=false;

                                  };

                                   

                                  regards.
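
Added example, not part of the original thread: listings like the `blasadmin -s default show all` output above carry stored password values (`CertPasswd`, `HTTPProxyPassword`, `Password`, `KeyStorePassword`), so this Python helper masks them before the text is shared and lists the `Is…AuthEnabled` flags for comparison with the method the client requests. The function names, the 80-column console wrap and the rule that any key containing "passw" holds a secret are assumptions; the sample input is constructed.

```python
import re

KEY_RE = re.compile(r"^([A-Za-z_]\w*):(.*)$")     # "Key:value", key has no spaces
SECRET_RE = re.compile(r"passw", re.IGNORECASE)   # assumption: marks secret-bearing keys
AUTH_RE = re.compile(r"^Is(\w+)AuthEnabled$")

def parse_show_all(text, wrap=80):
    """Return [key, value] pairs, re-joining values the console wrapped at `wrap` columns."""
    pairs, prev_full = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # pasted listings are often double-spaced
        m = KEY_RE.match(line)
        if m:
            pairs.append([m.group(1), m.group(2)])
        elif prev_full and pairs:
            pairs[-1][1] += line          # tail of a wrapped value
        # banner and prompt lines match neither branch and are dropped
        prev_full = len(line) >= wrap
    return pairs

def redact(pairs):
    """Render the pairs back to text with every non-empty secret value masked."""
    return "\n".join(
        f"{k}:<redacted>" if v and SECRET_RE.search(k) else f"{k}:{v}"
        for k, v in pairs)

def auth_methods(pairs):
    """Map method name to True/False, or None when the flag is listed with no value."""
    flags = {}
    for k, v in pairs:
        m = AUTH_RE.match(k)
        if m:
            flags[m.group(1)] = {"true": True, "false": False}.get(v.strip().lower())
    return flags

# Constructed sample in the layout of the listing above; every value is a placeholder.
SAMPLE = "\n".join([
    "blasadmin now running against deployment: default",
    "AppServerName:appserver01",
    "CertPasswd:" + "A" * 64,
    "HTTPProxyUser:EXAMPLE\\svc-proxy",
    "HTTPProxyPassword:" + "B" * 62,   # exactly 80 columns, so the console wraps it
    "CC",                              # wrapped tail on its own line
    "IsADKAuthEnabled:true",
    "IsDomainAuthEnabled:false",
    "IsSecurIdAuthEnabled:",
    "Password:" + "D" * 64,
    "UserId:svc-sql",
    "DefaultPassword:",
    "appserver01%",
])

if __name__ == "__main__":
    parsed = parse_show_all(SAMPLE)
    print(redact(parsed))
    print(auth_methods(parsed))
```

Keys are kept as an ordered list rather than a dictionary because the listing repeats some names (for example `RegistryPort` and `MaxWaitTime`) across sections.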

                                  • 14. Re: Single sign on access - BladeLogic\Active Directory
                                    Bill Robinson

                                    the config looks correct for the appserver for ADK auth. 

                                     

                                    on the client machine, did you make the registry change, restart and can you post the blclient_*.conf and config.properties files that exist on the client?
