Choose your language
Back to startpage







Fusion95


Addendum for

Passthrough Authentication

Version 6

Last updated: 10th Sep 2004

Overview

Introduction_______________________________________________________
This document describes how to use Passthrough Authentication in Fusion95. This feature can be used on all platforms.

This document should be used in addition to the Fusion95 and F95Admin user's Guides; it explains how to use Passthrough Authentication to verify user credentials (user/password) with a Domain Controller.

Passthrough Authentication is a mechanism used by a Common Internet File System (CIFS) server to validate user credentials (user/password) with a Domain Controller and thus grant the user access to a resource on the server, following a successful validation of the user credentials by the Domain Controller

Requirements______________________________________________________
The following requirements must be met in order to use Passthrough Authentication in Fusion95.

  1. Fusion95 must run with user level security (secmode=3).
  2. A Domain Controller that can validate user credentials must exist within your network. This can be a Windows NT/2000/XP server or any other server that can perform user/password validation according to the (CIFS) specification.

Installation
After a new installation you can find information about the new passthrough_server keyword in the pcserve.ini in the /usr/fusion95/cfg directory. If you have performed an upgrade, you can find the information in the inifile.txt file in the same directory..


Activate Passthrough Authentication____________________________________
If Fusion95 is running, then stop it . Run:

/usr/fusion95/f95stop

Add a passthrough_server= entry in the pcserve.ini file located in the /usr/fusion95/cfg directory. The is explained below in Passthrough Server Specification.

To start Fusion95, run:
/usr/fusion95/f95start

Passthrough Server Specification_______________________________________
The Passthrough Server Specification should name the Domain Controller you wish to use for validation of user credentials (user/password).

Passthrough Server and Unix machine on the same broadcast network

Typically you would specify: DomainName\ServerName. The ServerName must be specified as a Network Node Name.

Example:

passthrough_server=DOMAIN2\SERVER7

PassthroughServer and Unix machine on different broadcast networks

If Fusion95 and the Domain Controller reside on different broadcast networks then you must specify: \ServerName. The ServerName can be specified as either a Network Node Name or as an ip-address in dot notation (a.b.c.d). If you specified a Network Node Name, then the name must be able to be resolved by an entry in the /etc/hosts file, or by a Domain Name Server (DNS).

Examples:

passthrough_server=\RSERVER

passthrough_server=\101.102.103.104

Redundancy

More than one server can be specified to allow for redundancy. Separate the entries with a semicolon.

Example:

passthrough_server=DOMAIN2\SRVR2;DOMAIN2\SRVR4

Fusion95 Passthrough Authentication Features
This chapter describes some of the Fusion95 features available only when Passthrough Authentication is activated.

Default User_______________________________________________________
You activate the Default User feature by adding a user named "__DEFAULT__" (two underscores before and after DEFAULT) into the Fusion95 database. As result a user that does not exist in the Fusion95 database will adopt the properties you specified for the Default User. Thereafter, the normal Passthrough Authentication procedure will take place, of course using the original user name.

By using the Default User feature you do not need to add all users in the Windows network into the Fusion95 user database. You only need to add those users that you wish to assign special properities, for example users you want to assign the Fusion server administrative rights.

To deactive the Default User feature, you simply remove the "__DEFAULT__" name from the Fusion95 database.

For information on how to add a user into, or remove a user from the Fusion95 database, refer to the Fusion95 User's Guide.

You will probably want to limit the capabilities of the Default User. For example not map to the root unix user.

There is no need to reboot the server to activate or deactive this feature, you just add or remove the "__DEFAULT__" name.

The authentication with the passthrough server is performed using the origiinal user name. This feature is only available with User Level Security (not with Unix Level Security). To the top

 

© Copyright 2004-2017 Developed by April System Design