TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Authentication and User Directory<br />
8.3.3 NTLM<br />
MIGRATING OR UPGRADING?<br />
<strong>TIBCO</strong> <strong>Spotfire</strong> <strong>Server</strong> 3.2 introduces support for NTLMv2. You<br />
should consider switching to "NTLM v1/v2" that supports both v1 and<br />
v2. The instructions below explain how to set up this version, not the<br />
old. If you wish to continue using "NTLM v1 only" you must copy the<br />
files jcifs.jar and jcifs-ext.jar from /tomcat/<br />
webapps/spotfire/WEB-INF/lib to /tomcat/<br />
webapps/spotfire/WEB-INF/lib.<br />
With this authentication method, users are authenticated with a Windows Domain.<br />
Setting up NTLM authentication involves three steps:<br />
1 Creating one or more computer service account in your Windows Domain.<br />
2 Enabling NTLM authentication for your cluster in the Configuration Console.<br />
3 Configuring NTLM in either the Configuration Console or on each <strong>Spotfire</strong> <strong>Server</strong> (or<br />
both).<br />
If you have only one server in the <strong>Spotfire</strong> system, you can configure all settings in the<br />
Configuration Console. If you have more than one server, however, you must<br />
configure some or all settings on each <strong>Spotfire</strong> <strong>Server</strong>.<br />
Note: If you have a load balancer in front of your cluster, you must set up NTLM on<br />
the load balancer rather than on the <strong>Spotfire</strong> <strong>Server</strong>s. See the section “NTLM<br />
Authentication” on page 62 for more information about this.<br />
Below are comprehensive instructions for each step.<br />
Creating a Computer Service Account in Your Windows Domain<br />
Creating computer accounts in a Windows Domain is done using the Microsoft<br />
Management Console snap-in Domain Users and Computers. If you do not have<br />
access to this tool, or if you are unfamiliar with how to use it, please speak to your<br />
Windows Domain administrator.<br />
In this tool, create a new computer account. See Microsoft documentation for details<br />
on how to do this.<br />
Note: Adding a real computer or re-using an existing account name will not work and<br />
may cause problems for those accounts and computers. Always create a new account<br />
by selecting “New computer account”.<br />
When you have created a new computer account, you need to set a password for this<br />
account. Unfortunately, this is not possible to do in the Microsoft Management<br />
Console. In the directory /tomcat/bin there is a vbs script<br />
called SetComputerPass.vbs. This is an example of how to run the script:<br />
C:\> cscript SetComputerPass.vbs "cn=spotfireserveruser,cn=computers,dc=yourdomaincontroller,dc=yourorganization,dc=com"<br />
<strong>TIBCO</strong> <strong>Spotfire</strong>® <strong>Server</strong> <strong>3.2.2</strong> 75 (144)