TIBCO Spotfire® Server and Environment - Installation and Administration

config-ntlm-auth

Configures the authentication service used with the NTLM authentication method.

config-ntlm-auth 
[-c value | --configuration=value] 
[-b value | --bootstrap-config=value] 
[-S value | --server=value] 
[-d value | --domain-name=value] 
[-D value | --domain-controller=value] 
[-a value | --account-name=value] 
[-p value | --password=value] 
[-n value | --dns-servers=value] 
[-s value | --ad-site=value] 
[-t value | --dns-cache-ttl=value] 
[-i value | --connection-id-header-name=value] 
[-L value | --log-level=value] 
{-Pkey=value} 
[-C value | --domain-trust-cache-values=value]

Overview

Use this command to configure the authentication service used with the NTLM authentication method.

Options

| Option | Optional or Required | Default Value | Description |
|---|---|---|---|
| -c value, --configuration=value | Optional | configuration.xml | The path to the server configuration file. |
| -b value, --bootstrap-config=value | Optional | none | The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file. |
| -S value, --server=value | Optional | none | The name of the cluster server to which the specified configuration parameters should be applied. If no name is specified, the parameters apply to all servers in the cluster. It is typically used to add a server-specific account name (see the --account-name option). |
| -d value, --domain-name=value | Required, unless the --domain-controller argument is specified, or if the --server argument is specified and this parameter is already specified for the global configuration. | none | The DNS name of the Windows domain. The specified domain name automatically resolves into domain controller hostnames. It is also possible to use the --domain-controller argument to specify a domain controller hostname directly. The --domain-name and --domain-controller arguments are mutually exclusive. |
| -D value, --domain-controller=value | Required, unless the --domain-name argument is specified, or if the --server argument is specified and this parameter is already specified for the global configuration. | none | The DNS hostname of an Active Directory domain controller. It is also possible to use the --domain-name argument to specify a domain name that automatically resolves to domain controller hostnames. The --domain-name and --domain-controller arguments are mutually exclusive. |
| -a value, --account-name=value | Optional, unless the --server argument is specified and this parameter is not already specified for the global configuration. | none | Specifies the fully qualified name of the Active Directory computer account to be used by the NTLM authentication service. This account must be a proper computer account created solely for the purpose of running the NTLM authentication service. It can neither be an ordinary user account, nor an account of an existing computer. Note that the name of an Active Directory computer account always contains a dollar sign, for example, ntlm-svc$@research.example.com. The local part of the account name (excluding the dollar sign) must not exceed 15 characters. On Linux, the parameter value must be enclosed in single quotes because of the dollar sign. If there is more than one server in the cluster, each server must use its own account. It is recommended to leave the global configuration without account name and password, and only add them to each server's configuration. |
| -p value, --password=value | Optional, unless the --server argument is specified and this parameter is not already specified for the global configuration. | none | Specifies the password for the computer account that is to be used by the NTLM authentication service. It is recommended to leave the global configuration without account name and password, and only add them to each server's configuration. |
| -n value, --dns-servers=value | Optional | none | A comma-separated list of IP addresses for the DNS servers associated with the Windows domain. When no DNS servers are specified, the NTLM authentication service falls back to the server computer default DNS server configuration. |
| -s value, --ad-site=value | Optional | none | The Active Directory site where the Spotfire system is located. Specifying an Active Directory site can potentially improve performance because the NTLM authentication service then communicates only with the local domain controllers. |
| -t value, --dns-cache-ttl=value | Optional | 5000 ms | The length of time (in milliseconds) name server lookups should be cached. |
| -i value, --connection-id-header-name=value | Optional | none | The name of an HTTP header containing unique connection IDs in environments where the server is located behind a proxy or load-balancer that does not properly provide the server with the client IP address. The specified HTTP header must contain unique connection IDs for each client connection and is thus typically based on the client IP address and the connection port number on the client side. |
| -L value, --log-level=value | Optional | 1 | Specifies the level of logging done for NTLM authentication, an integer value ranging from 0 (no logging) to 4 (debug logging). |
| -Pkey=value | Optional | none | Specifies additional properties for the Jespa component, in the form of key-value pairs. For example: -Pjespa.key=value. This argument may be specified multiple times with different keys. |
| -C value, --domain-trust-cache-values=value | Optional | none | Specifies a mapping between NetBIOS and DNS domain names used for canonicalizing domain names when sufficient information is not provided by the local NETLOGON service. The mapping is given as a comma-separated list of NetBIOS:DNS entries, for example "RESEARCH:research.example.com,HR:hr.example.com", and is used for turning a NetBIOS name into a DNS name, or vice versa. |

Examples

  • Configuring the NTLM authentication service for the research.example.com Windows domain
    Windows command prompt:
    config config-ntlm-auth --domain-name research.example.com --account-name ntlm-svc$@research.example.com --password 53cr3t
    Linux command shell:
    config config-ntlm-auth --domain-name research.example.com --account-name 'ntlm-svc$@research.example.com' --password 53cr3t
  • Configuring the NTLM authentication service for using the Active Directory Domain Controller dc.research.example.com
    Windows command prompt:
    config config-ntlm-auth --domain-controller dc.research.example.com --account-name ntlm-svc$@research.example.com --password 53cr3t
    Linux command shell:
    config config-ntlm-auth --domain-controller dc.research.example.com --account-name 'ntlm-svc$@research.example.com' --password 53cr3t
  • Configuring the NTLM authentication service for the Active Directory Site VIENNA within the research.example.com Windows domain
    Windows command prompt:
    config config-ntlm-auth --domain-name research.example.com --ad-site=VIENNA --account-name ntlm-svc$@research.example.com --password 53cr3t
    Linux command shell:
    config config-ntlm-auth --domain-name research.example.com --ad-site=VIENNA --account-name 'ntlm-svc$@research.example.com' --password 53cr3t
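The argument rules above (account-name format, the mutually exclusive domain options, the NetBIOS:DNS mapping) can be checked before the command is run. The following is an added example, not part of the Spotfire documentation or tooling; the function names are hypothetical, the sample values are constructed, and the requirement that the local part be non-empty is an assumption. It also shows what a Linux shell does to an account name that is not single-quoted.

```shell
# Added example: pre-flight checks for config-ntlm-auth arguments.
# Function names are hypothetical; the rules are the ones in the option table.
# check_account ACCOUNT: fully qualified computer account, '$' before '@',
# local part (without the '$') at most 15 characters.
check_account() {
    case $1 in
        *@*) ;;
        *) echo "account name must be fully qualified" >&2; return 1 ;;
    esac
    local_part=${1%%@*}
    case $local_part in
        *'$') ;;
        *) echo "no dollar sign before '@' (value not single-quoted?)" >&2; return 1 ;;
    esac
    name=${local_part%?}    # strip the trailing '$'
    if [ -z "$name" ] || [ "${#name}" -gt 15 ]; then
        echo "local part must be 1 to 15 characters" >&2; return 1
    fi
}

# check_target DOMAIN_NAME DOMAIN_CONTROLLER SERVER: exactly one target, unless
# --server is given and the target is inherited from the global configuration.
check_target() {
    if [ -n "$1" ] && [ -n "$2" ]; then
        echo "--domain-name and --domain-controller are mutually exclusive" >&2; return 1
    fi
    if [ -z "$1$2$3" ]; then
        echo "--domain-name or --domain-controller is required" >&2; return 1
    fi
}

# check_trust_map VALUE: comma-separated NetBIOS:DNS pairs, one colon each.
check_trust_map() {
    rest=$1
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        case $entry in
            *:*:* | :* | *:) ;;          # malformed: falls through to the error
            *:*) continue ;;             # exactly one colon, both sides non-empty
        esac
        echo "bad NetBIOS:DNS entry: $entry" >&2; return 1
    done
    return 0
}

# What a Linux shell passes on when the account is not single-quoted: "$@"
# expands to the positional parameters (none here), so the '$' disappears.
unquoted_account() { printf '%s\n' "ntlm-svc$@research.example.com"; }
```

Call each check with the value intended for the matching option; `check_account "$(unquoted_account)"` fails because the shell has already turned the value into ntlm-svcresearch.example.com.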