Last updated: 10th Sep 2004
This document describes how to use Passthrough Authentication in Fusion95. This feature can be used on all platforms.
This document should be used in addition to the Fusion95 and F95Admin user's Guides; it explains how to use Passthrough Authentication to verify user credentials (user/password) with a Domain Controller.
Passthrough Authentication is a mechanism used by a Common Internet File System (CIFS) server to validate user credentials (user/password) with a Domain Controller and thus grant the user access to a resource on the server, following a successful validation of the user credentials by the Domain Controller
The following requirements must be met in order to use Passthrough Authentication in Fusion95.
After a new installation you can find information about the new passthrough_server keyword in the pcserve.ini in the /usr/fusion95/cfg directory. If you have performed an upgrade, you can find the information in the inifile.txt file in the same directory..
Activate Passthrough Authentication____________________________________
If Fusion95 is running, then stop it . Run:
Add a passthrough_server=
To start Fusion95, run:
Passthrough Server Specification_______________________________________
The Passthrough Server Specification should name the Domain Controller you wish to use for validation of user credentials (user/password).
Passthrough Server and Unix machine on the same broadcast network
Typically you would specify: DomainName\ServerName. The ServerName must be specified as a Network Node Name.
PassthroughServer and Unix machine on different broadcast networks
If Fusion95 and the Domain Controller reside on different broadcast networks then you must specify: \ServerName. The ServerName can be specified as either a Network Node Name or as an ip-address in dot notation (a.b.c.d). If you specified a Network Node Name, then the name must be able to be resolved by an entry in the /etc/hosts file, or by a Domain Name Server (DNS).
More than one server can be specified to allow for redundancy. Separate the entries with a semicolon.
Fusion95 Passthrough Authentication Features
This chapter describes some of the Fusion95 features available only when Passthrough Authentication is activated.
You activate the Default User feature by adding a user named "__DEFAULT__" (two underscores before and after DEFAULT) into the Fusion95 database. As result a user that does not exist in the Fusion95 database will adopt the properties you specified for the Default User. Thereafter, the normal Passthrough Authentication procedure will take place, of course using the original user name.
By using the Default User feature you do not need to add all users in the Windows network into the Fusion95 user database. You only need to add those users that you wish to assign special properities, for example users you want to assign the Fusion server administrative rights.
To deactive the Default User feature, you simply remove the "__DEFAULT__" name from the Fusion95 database.
For information on how to add a user into, or remove a user from the Fusion95 database, refer to the Fusion95 User's Guide.
You will probably want to limit the capabilities of the Default User. For example not map to the root unix user.
There is no need to reboot the server to activate or deactive this feature, you just add or remove the "__DEFAULT__" name.
The authentication with the passthrough server is performed using the origiinal user name. This feature is only available with User Level Security (not with Unix Level Security).
|© Copyright 2004-2020||by April System Design|