Wikis - Page

VTS 2023R1 - Configuration for NTLM-Authentication via LDAPS

2 Likes

Hi there forks,

has anybody tried to activate NTLM-Authentication in VTS? ==> IT works now

I'm working with MS Active Directory which supports NTLM via secure LDAPS.

VTS works perfect with TLS enabled. Take a look into "VTS TLS 1.2 1.3 configuration"

Only in the LoadRunner Enterprise 2023.01 MLU.zip under "Additional Components\Virtual Table Server" is the SetupVTS_2023R1.exe available. Not (yet) in the Market Place.

The help in VTS still links to Performance Center 12.6, but the actual help is in Vugen-Onine help VTS Configuration Help

My Experiences:

  • All certificates must be available in PEM-Format, Base 64.
  • if you have a centralised PKI-infrastructure which signs your certificate, you only need one file for all public configurtation items, maybe except for lapsCert for identify you server
  • No Users needed, ony roles
  • All users can authenticate via Active Directory. Without definition in Role, the get Users/Viewer-Role.
  • No  Dummy-Users like "Viewer" available, but no need for it anymore.
  • When Entering a new Admin-User VTS-Service must be restarted

Take a look into my configuration which works fine.

"admin": {
        "authentication": "NTLM", 
		"requireBasicAuthForAPI": false,
        "users": [
        ],

        "role": {
            "administrator": [
                "kw.dcon.cam\\userid0",
                "kw.dcon.cam\\useridc",
                "kw.dcon.cam\\userid3",
                "kw.dcon.cam\\userid4",
                "kw.dcon.cam\\userid6"
            ],
            "user": [
                "kw.dcon.cam\\useridd"
            ]
        },

        "domain": "kw.dcon.cam",
        "domaincontroller": "ldaps://kw.dcon.cam:636",
        "ldapsCert": "VTS02_pub_cert.pem",
        "ldapsCA": "VTS02_pub_cert.pem",
        
		"useSSL": true,
        "certificate": "VTS_pub_cert.pem",
        "privateKey": "VTS_private_key.pem",
        "passphrase": "secret",
        "ca": "VTS_pub_cert.pem",
        "minVersion": "TLSv1.2",
        "maxVersion": "TLSv1.3",
        "ciphers": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:HIGH:!TLS_RSA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA",
        "requestClientCert": false
    },

Hope tha helps a bit

Pascal

Labels:

Support Tips/Knowledge Docs
User Group
Comment List
  • Hi Pavan,

    when you only try to activate TLS for VTS, my config is also described. The important attributes für TLS are:

            "useSSL": true,
            "adminPort": 443,
            "defaultApiPort": 8200,
            "certificate": "VTS_pub_cert.pem",
            "privateKey": "VTS_private_key.pem",
            "passphrase": "secret",
            "ca": "VTS_pub_cert.pem",
            "minVersion": "TLSv1.2",
            "maxVersion": "TLSv1.3",
            "ciphers": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:HIGH:!TLS_RSA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA",

    I've added the complete root-chain into my certificate and exported them ase base64-pem-file.

    Hope that helps

  • Hi Pascal,

    I am trying to use SSL configuration with custom certificate(Digicert), i can download then in .crt , .pem and .key files are coming. when i use them still i can see site is not secure is coming. 

    Give me the right direction....

  • Update

    After trying different configurations with my AD-Admin we figured out, that VTS 2021.1.0 doesn't support security protocols.

    I've updated node.js from V12.2.0 to V16.14.0 x64. V17 doesn't work.

    The working configuration would look like this

    "domain": "ab.cdefg.net",
    "domaincontroller": "ldaps://ab.cdefg.net:686",

Related
Recommended