Currently I am supporting a customer that has an application which requires runningscripts via NSH (command line) on Windows servers. Customer is usingusers and users.local config files to map to a local admin account on each Windowsserver. Customer is limited since the application requires runningscripts that must run as a domain user.
I believe I am on the right path; I do need some help in applying the final touches. Here is what I did:
I followed the BMC BladeLogic Administration guide on page 132 (Setting upNetwork Shell Proxy Services for Windows user mapping). Customer hasone application server only so I used "Application Servers defined asALL". This was easy and workedfine.
Using RBAC I created an automation principal that has my domain user as its principalid.
Using RBAC I created a new role and under Agent ACL/Windows I utilized the sameAutomation Principal I created.
The next step is to create a secure file. I am stuck with the secure file and what I need to have in it. I like to get it working between my Linux BLappserver and a Windows server that I am testing with as a POC. I created an entry like this and pasted theentry in the secure file on the Linux server (BL Server in my test case) andthe Windows server. I utilized the hosttype entry in the secure file since default and rscd will not apply to me andleft them intact.
If I use NSH and connect to the windows server, I succeed.
But I need to connect using the domain account and I thought I have to do somethinglike this:
I create a new auth profile with type domainauth which I did and workedfine, I acquired credential to this profile which also succeeded, I set myseviceProfileName to it and roleName to the role I have created and belonged myuser to it and the one that utilizes the Automation Principal. This did not work for me.
To be honest, it is confusing a bit.
Can you please help me understand this little better? And see where I wentwrong.