How to confirm Integrated Windows Authentication (IWA) is enabled and configured correctly.

How to confirm Integrated Windows Authentication (IWA) is enabled and configured correctly.

To retrieve the information to confirm the IWA configuration

1. Set Logging to verbose

HKEY_LOCAL_MACHINE\SOFTWARE\Borland\CaliberRM\11.4\Server\Logging

DWORD: flags

Decimal Value: 63

2. The following registry key requires to be created and set


HKEY_LOCAL_MACHINE\SOFTWARE\Borland\CaliberRM\11.4\Server\DirectoryServices

DWORD: IntegratedWindowsAuthentication

Decimal Value: 1

3. Update the logging setting in the Caliber Data Server applet in the control panel

4. Restart the Caliber Services

 

5. The Caliber Server logs will report the following if IWA and LDAP are setup correctly


01/19/2016 19:20:38.661  16292   2 LDAP Parameters host="bel-dc02.microfocus.com", port=389, security=0, bindDN="CORPDOM\$svcCaliber", bindPw=10, baseDN="DC=microfocus, DC=com", Filter="(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))", useNTAuthentication=0, followRefferals=1

01/19/2016 19:20:38.661  16292   3 Calling ldap_init()

01/19/2016 19:20:38.663  16292   3 ldap_init()/ldap_sslinit() successful.

01/19/2016 19:20:38.663  16292   3 ldap_set_option() - successful

01/19/2016 19:20:38.663  16292   3 Call to 'ldap_connect()'

01/19/2016 19:20:38.665  16292   3 Connect to ldap_connect() succeeded.

01/19/2016 19:20:38.665  16292   3 Binding using LDAP_AUTH_SIMPLE...

01/19/2016 19:20:38.665  16292   3 UserID: "CORPDOM\$svcCaliber" password Length: 10...

01/19/2016 19:20:38.668  16292   3 ...Bind was successful. Returning session.

01/19/2016 19:20:38.668  16292   3 LDAP Directory Services are enabled.

01/19/2016 19:20:38.668  16292   8 IntegratedWindowsAuthentication feature is available and configured correctly.

6. The Caliber Server Log will report the following if IWA for a user is setup correctly


01/19/2016 19:20:55.425  11080   2 CaliberManagerFactoryImpl::login_v1120 (CORPDOM\davidca,**********,BEL-DCARSON,RM,10.133.11.83,Caliber Author 11.4.4.257)

01/19/2016 19:20:55.425  11080   2 Versant::Versant(2, 0, 0)

01/19/2016 19:20:55.425  11080   3 Using Session crm4

01/19/2016 19:20:55.442  11080   3 DirectoryServices->Enable() == TRUE

01/19/2016 19:20:55.442  11080   3 (user->id_number > 0) == TRUE

01/19/2016 19:20:55.442  11080   3 !user->force_caliber_authentication == TRUE

01/19/2016 19:20:55.442  11080   8 IntegratedWindowsAuthentication feature is available and configured correctly.

01/19/2016 19:20:55.442  11080   3 Original IWA User DN 'CORPDOM\DavidCa'

01/19/2016 19:20:55.442  11080   3 After Windows domain is stripped, IWA User DN 'DavidCa'

01/19/2016 19:20:55.442  11080   2 cldap::UserLookup(DavidCa, "****")

01/19/2016 19:20:55.442  11080   3 Calling ldap_init()

01/19/2016 19:20:55.442  11080   3 ldap_init()/ldap_sslinit() successful.

01/19/2016 19:20:55.442  11080   3 ldap_set_option() - successful

01/19/2016 19:20:55.442  11080   3 Call to 'ldap_connect()'

01/19/2016 19:20:55.444  11080   3 Connect to ldap_connect() succeeded.

01/19/2016 19:20:55.444  11080   3 Binding using LDAP_AUTH_SIMPLE...

01/19/2016 19:20:55.444  11080   3 UserID: "CORPDOM\$svcCaliber" password Length: 10...

01/19/2016 19:20:55.446  11080   3 ...Bind was successful. Returning session.

01/19/2016 19:20:55.446  11080   3 Max return entries set to 100

01/19/2016 19:20:55.446  11080   3 ldap search baseDN = DC=microfocus, DC=com, filter = (&(objectCategory=person)(objectClass=user)(sAMAccountName=DavidCa))

01/19/2016 19:20:55.450  11080   3 getEntry(ldap_first_entry or ldap_next_entry) failed with 0

01/19/2016 19:20:55.451  11080   2 SessionManager::create(DavidCa, 10.133.11.83, RM, Caliber Author, 11.4.4.257)

 

N.B. If the user login fails using IWA this is normally down to the LDAP BindDN user not having adequate permissions to search the LDAP forest.

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Version history
Revision #:
1 of 1
Last update:
‎2016-01-19 20:14
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.