Spotfire® Server and Environment - Installation and Administration

Configuring NTLM authentication for a single server

These instructions are for configuring NTLM authentication by using the command line.

Before you begin

You have created a computer service account; see Creating a computer service account in your Windows domain.

Procedure

  1. Configure NTLM authentication by using the following commands: config-ntlm-auth and list-ntlm-auth.
    This is the information you must have to run the commands:
    Server (optional): The name of the server instance to which the specified configuration options belong. If no server name is specified, all parameters are shared and apply to all servers in the cluster. It is common to use server-specific values for the account name and password configuration options.
    Account name (required): Specifies the fully qualified name of the Active Directory computer account that is to be used by the NTLM authentication service. This account must be a proper computer account, created solely for the purpose of running the NTLM authentication service. It can be neither an ordinary user account nor an account of an existing computer. Note that the local part of an Active Directory computer account name always ends with a dollar sign, and the local part of the account name (excluding the dollar sign) must not exceed 15 characters.

    Example: ntlm-svc$@research.example.com

    Password (required): Specifies the password for the computer account used by the NTLM authentication service.
    DNS domain name (optional): The DNS name of the Windows domain to which the Spotfire Server computer belongs. The specified domain name is automatically resolved into a domain controller hostname. As an alternative to specifying a DNS domain name, it is also possible to specify a domain controller hostname directly.

    The DNS domain name is recommended because you then automatically get the benefits of fail-over and load-balancing, provided that you have more than one domain controller. The DNS domain name and domain controller arguments are mutually exclusive.

    Example: research.example.com

    Domain controller (optional): The DNS hostname of an Active Directory domain controller. It is recommended that the DNS domain name option be used instead because that option gives the benefits of fail-over and load-balancing. The domain controller and DNS domain name arguments are mutually exclusive.

    Example: dc01.research.example.com

    DNS servers (optional): A comma-separated list of IP addresses of the DNS servers associated with the Windows domain. When no DNS servers are specified, the server falls back to using the server computer's default DNS server configuration.

    Example: 192.168.1.1,192.168.1.2

    AD site (optional): Specifies the Active Directory site where the Spotfire system is located. Specifying an Active Directory site can potentially increase performance because the NTLM authentication service will then only communicate with the local Windows domain controllers.

    Example: VIENNA

    DNS cache TTL (optional): Specifies how long (in milliseconds) name server lookups should be cached. The default value is 5000 ms.
    Connection ID header name (optional): This parameter specifies the name of an HTTP header containing unique connection IDs in environments where the server is located behind a proxy or load-balancer that does not properly provide the server with the client's IP address. The specified HTTP header must contain unique connection IDs for each client connection and is thus typically based on the client's IP address together with the connection's port number on the client side.
  2. Import the configuration using the config-auth command and restart the server to activate the NTLM single sign-on authentication method.
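
The constraints listed in step 1 can be checked before the values are passed to config-ntlm-auth. The following pre-flight check is an added example, not part of the Spotfire tooling; the function name, its parameter names, the 1-character minimum for the local part and the non-negative TTL rule are assumptions made for illustration.

```python
import ipaddress


def validate_ntlm_params(account_name, password, dns_domain_name=None,
                         domain_controller=None, dns_servers=None,
                         dns_cache_ttl_ms=None):
    """Return a list of problems; an empty list means the values satisfy
    the constraints stated in the parameter descriptions above."""
    problems = []

    # Account name: fully qualified, local part ends with '$', and the
    # local part without the '$' must not exceed 15 characters.
    local, sep, domain = (account_name or "").partition("@")
    if not sep or not domain:
        problems.append("account name must be fully qualified (name$@domain)")
    if not local.endswith("$"):
        problems.append("local part of a computer account must end with '$'")
    elif not 1 <= len(local) - 1 <= 15:  # lower bound of 1 is an assumption
        problems.append("local part (excluding '$') must be 1-15 characters")

    if not password:
        problems.append("password is required")

    # DNS domain name and domain controller are mutually exclusive.
    if dns_domain_name and domain_controller:
        problems.append("specify DNS domain name or domain controller, not both")

    # DNS servers: comma-separated list of IP addresses, not hostnames.
    if dns_servers is not None:
        for item in (s.strip() for s in dns_servers.split(",")):
            try:
                ipaddress.ip_address(item)
            except ValueError:
                problems.append(f"DNS server is not an IP address: {item!r}")

    # TTL is given in milliseconds; rejecting negatives is an assumption.
    if dns_cache_ttl_ms is not None and (
            not isinstance(dns_cache_ttl_ms, int) or dns_cache_ttl_ms < 0):
        problems.append("DNS cache TTL must be a non-negative integer (ms)")

    return problems


if __name__ == "__main__":
    # Constructed sample: local part too long, both locator options set,
    # and a hostname in the DNS server list.
    for p in validate_ntlm_params("spotfire-ntlm-service$@research.example.com",
                                  "placeholder", "research.example.com",
                                  "dc01.research.example.com", "192.168.1.1,dc01"):
        print(p)
```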