
Technical Notes

Active Directory Access and Reflection for Secure IT Windows Server
Technical Note 2208
Last Reviewed 11-Apr-2008
Applies To
Reflection for Secure IT Windows Server version 6.1 through 6.1.x
Summary

This technical note describes the type of account required for Active Directory Access with Reflection for Secure IT Windows Server.

Accounts that Allow Active Directory Access

For Active Directory Access, the Active Domain must accept Anonymous Access, or you must have the proper type of account as described below:

User Account

  • A User account that is a member of the Administrators Group on the domain controller, as stated on the Domain Access dialog box in Reflection for Secure IT Windows Server (enter your Domain\User and Password information in the proper fields).
  • A User account with read permissions (enter your Domain\User and Password information in the proper fields).

Machine Account

  • The machine account in a Windows 2003 Active Domain (leave both fields blank). You cannot use a machine account in a Windows 2000 Active Domain environment.

Note: The machine account should have read permissions for the Active Domain. (Adding it to either the Administrator Group or the 'Account Operator' Group will accomplish this.) This is particularly a requirement when the option to cache passwords is not checked. Alternatively, a separate group can be created with the correct authorization set.

  • A machine account that includes the security group Domain Computers as a trustee for the Active Directory. To verify that the machine account has these permissions, follow these steps.
    1. In the Active Directory Users and Computers dialog box, click View > Advanced Features. A check mark appears in front of Advanced Features to indicate that the view is enabled.
    2. Right-click the active domain and click Properties.
    3. On the Security tab, click Add.
    4. In the "Enter the object names to select" field, enter Domain Computers and click OK.
    5. On the Security tab, select Domain Computers (which you added in step 4), and then click Advanced.
    6. On the Properties tab of the Advanced Security Settings dialog box, re-select Domain Computers, and then click Edit.
    7. In the "Apply onto" drop-down menu, select "This object and all child objects."
    8. In the Allow column of the Permissions list, select List Contents, Read All Properties, and Read Permissions.
    9. Click OK until you are back at the Active Directory Users and Computers dialog box.
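
The permissions set in steps 7 and 8 can also be checked from PowerShell. This is an added example, not part of the original technical note or the product: the function name Test-DomainComputersRead and the EXAMPLE\ sample entries are constructed for illustration, and the commented live check assumes the RSAT ActiveDirectory module is installed.

```powershell
function Test-DomainComputersRead {
    param([Parameter(Mandatory)] [object[]] $Ace)   # entries from (Get-Acl).Access

    # Name shown in the Permissions list -> ActiveDirectoryRights bit
    $required = [ordered]@{
        'List Contents'       = 0x4      # ListChildren
        'Read All Properties' = 0x10     # ReadProperty
        'Read Permissions'    = 0x20000  # ReadControl
    }

    $granted = 0
    foreach ($a in $Ace) {
        # Count only Allow entries for Domain Computers that apply to
        # "This object and all child objects" (InheritanceType All) and are
        # not limited to one property or class (ObjectType is the empty GUID).
        if ("$($a.IdentityReference)" -like '*\Domain Computers' -and
            "$($a.AccessControlType)" -eq 'Allow' -and
            "$($a.InheritanceType)" -eq 'All' -and
            [guid]$a.ObjectType -eq [guid]::Empty) {
            $granted = $granted -bor [int]$a.ActiveDirectoryRights
        }
    }

    foreach ($name in $required.Keys) {
        [pscustomobject]@{
            Permission = $name
            Granted    = [bool]($granted -band $required[$name])
        }
    }
}

# Constructed sample entries (not taken from a real domain). The second entry
# grants Read Permissions on the domain object only, so it is not counted.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Computers'; AccessControlType = 'Allow'
        InheritanceType = 'All'; ObjectType = [guid]::Empty; ActiveDirectoryRights = 0x14 }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Computers'; AccessControlType = 'Allow'
        InheritanceType = 'None'; ObjectType = [guid]::Empty; ActiveDirectoryRights = 0x20000 }
)
Test-DomainComputersRead -Ace $sample | Format-Table -AutoSize

# Live check against the current domain (assumes the ActiveDirectory module):
# Import-Module ActiveDirectory
# $dn = (Get-ADDomain).DistinguishedName
# Test-DomainComputersRead -Ace (Get-Acl -Path "AD:\$dn").Access | Format-Table -AutoSize
```

The function only looks at entries that name Domain Computers directly, so a False result means the entry from the steps above is missing or incomplete, not necessarily that the machine account has no read access through another group.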

Once you have the user and machine accounts configured, you can use certificates to connect with the SSH client, and the machine account of the system running Reflection for Secure IT Server can access the Active Domain.

Related Technical Notes
1999 Reflection for Secure IT Technical Notes
