|
Home > Archive > WebSphere Application Server > February 2004 > WAS in NT Domains w/AD
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
WAS in NT Domains w/AD
|
|
|
| Just curious if anyone has any opinion about running WAS in a Windows
Domain vs independent servers.
I have a customer that is considering changing the architecture and
putting the servers in a Domain, using Active Directory ID's to manage
the box instead of the local ACL. I understand this will make the
Domain server another point of failure in the environment and that
Active Directory is a performance nightmare. Is there anything else I
should be aware of?
| |
| Ken Hygh 2004-02-19, 10:33 am |
| Bob wrote:
> Just curious if anyone has any opinion about running WAS in a Windows
> Domain vs independent servers.
>
> I have a customer that is considering changing the architecture and
> putting the servers in a Domain, using Active Directory ID's to manage
> the box instead of the local ACL. I understand this will make the
> Domain server another point of failure in the environment and that
> Active Directory is a performance nightmare. Is there anything else I
> should be aware of?
>
WAS will need to be installed (and possibly run) as a Domain
Administrator ID
Ken
| |
|
| Thanks Ken,
Is there a recommended approach to this written anywhere? Do we have
any RedBooks or other literature that discuss this subject.
Regards.
Ken Hygh wrote:
> Bob wrote:
>
>
> WAS will need to be installed (and possibly run) as a Domain
> Administrator ID
>
> Ken
>
| |
| Ken Hygh 2004-02-19, 10:33 pm |
| Bob wrote:
> Thanks Ken,
>
> Is there a recommended approach to this written anywhere? Do we have
> any RedBooks or other literature that discuss this subject.
>
> Regards.
>
> Ken Hygh wrote:
>
>
Not that I know of personally - but I almost never run across windows in
production.
k
| |
|
| Recently i ran into same issue. I need to create level of security for
different in Console users. I tell you the requirement to be part of a
domain in a large organisation like mine is to intense. This is an abstract
from IBM Site. Good luck
Required privileges
The user that is running the WebSphere Application Server process should
have enough operating system privilege to call the Windows . systems API for
authenticating and obtaining user and group information from the Windows
operating system. This is the user who logs into the machine or if running
as a service this is the Log On As user. Depending on the machine (whether
the machine is a stand-alone machine or a machine that is part of a domain
or is the domain controller, itself), the access requirements vary.
a.. For a stand-alone machine, the user should be:
a.. A member of the administrative group.
b.. Should have the Act as part of the operating system privilege.
c.. Should have the Log on as a service privilege, if the server is run
as a service.
b.. For a machine that is a member of a domain, only a domain user can
start the server process and should be:
a.. A member of the domain administrative groups in the domain
controller.
b.. Should have the Act as part of the operating system privilege in the
Domain Security Policy on the domain controller.
c.. Should have the Act as part of the operating system privilege in the
Local Security Policy on the local machine.
d.. Should have the Log on as a service privilege on the local machine,
if the server is run as a service.
Note: The user is a domain user and not a local user, which implies that
when a machine is part of a domain, only a domain user can start the server.
c.. For a Domain Controller machine, the user should be:
a.. A member of the domain administrative groups in the domain
controller.
b.. Should have the Act as part of the operating system privilege in the
Domain Security Policy on the domain controller.
c.. Should have the Log on as a service privilege on the domain
controller, if the server is run as a service.
"Ken Hygh" <kenhygh@nc.rr.com> wrote in message
news:c14q9s$5um4$1@news.boulder.ibm.com...
> Bob wrote:
>
> Not that I know of personally - but I almost never run across windows in
> production.
> k
>
|
|
|
|
|