Pass-through Authentication


Pass-through authentication (Single Sign-on) lets you authenticate automatically in Network Configuration Manager using your current Windows system username and password. You do not need to manually enter your Windows credentials to log in to the Network Configuration Manager webclient.

Prerequisites:

  • Active Directory authentication must have been configured in Network Configuration Manager for the domain for which you want to enable Pass-through Authentication (Adding Domain).
  • The user accounts for which you want to enable pass-through must already exist in Network Configuration Manager (Create New Users -> AD User).
  • A computer account must be created in the Domain Controller so that Network Configuration Manager can communicate securely with the Domain Controller.
  • The Network Configuration Manager webserver must be added as a trusted site in each browser you will use to connect to the Network Configuration Manager webclient, to avoid browser pop-ups asking for credentials.

Creating a Computer Account

To create a new computer account, run the script NewComputerAccount.vbs present under NCM_Home\conf\application\scripts:

    cscript NewComputerAccount.vbs account_name /p password /d domain_name

To reset the password for an existing computer account, run the script SetComputerPass.vbs present under NCM_Home\conf\application\scripts:

    cscript SetComputerPass.vbs account_name /p password /d domain_name

Ensure that the password you give complies with the password policy of that domain. Do not use the New Computer Account option in the AD native client, as it does not let you choose a password. If you have problems running this script from the Network Configuration Manager server, copy the script to the domain controller machine itself and run it there.

Configuring Trusted Site in Browser

For Internet Explorer (applicable to Chrome as well):

Open Tools > Internet Options > Security > Local Intranet > Sites > Advanced. Enter the Network Configuration Manager server URL and click Add.

For Firefox:

In the URL box, enter about:config. If a warning page is displayed, click the button "I'll be careful. I promise". In the resulting page, search for ntlm. Double-click the option network.automatic-ntlm-auth.trusted-uris. Enter the Network Configuration Manager server URL in the text box and click OK. (Multiple sites can be entered, separated by commas.)

Configuring in Network Configuration Manager

In Network Configuration Manager webclient, click Settings → User Management → Pass-through. Check Enable.

  • Domain Name: NETBIOS name of your domain. Example: OPMANHV
  • Bind String: DNS name of your domain. Example: opmanhv.com
  • DNS Server IP: Primary IP address of the DNS server.
  • DNS Site: Site under which the Domain Controller is listed.
  • Computer Account: Account name of the computer account created. Append $@domain_dns_name to the account name. Example: mytestacc$@OPMANHV.COM
  • Password: Password of the computer account.
  • Click Save.

Getting Domain DNS Name and NETBIOS Name

In the Domain Controller device, open Start -> Administrative Tools -> Active Directory Users and Computers.

Getting DNS Server IP:

Open Command Prompt in Network Configuration Manager server. Run "ipconfig /all". The first IP Address mentioned beside DNS Servers is the primary DNS Server IP Address.

Getting DNS Site:

In the Domain Controller device, open Start -> Administrative Tools -> Active Directory Sites and Services. The site under which your Domain Controller device name is listed is your site name. If there is only one site present in your Domain Controller, you can leave the DNS Site field empty in the Pass-through configuration form in Network Configuration Manager.
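
The lookups in the three sections above can also be done from a PowerShell prompt. The script below is an added example, not part of the product or its scripts; it assumes it is run on the domain-joined Network Configuration Manager server by a domain user, and $AccountName is a placeholder for the computer account you created.

```powershell
# Added example: collect the values for the Pass-through form.
# Assumption: run on the domain-joined NCM server as a domain user.
param(
    # Placeholder: name of the computer account created earlier.
    [string]$AccountName = 'mytestacc'
)

# Bind String: DNS name of the domain this machine is joined to.
$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$dnsName = $domain.Name

# Domain Name: NetBIOS name, read from the crossRef object for the domain
# partition under CN=Partitions in the configuration naming context.
$rootDse  = [ADSI]'LDAP://RootDSE'
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Partitions,$($rootDse.configurationNamingContext)"
$searcher.Filter = "(&(objectClass=crossRef)(nCName=$($rootDse.defaultNamingContext)))"
$match = $searcher.FindOne()
if (-not $match) { throw "No crossRef entry found for $dnsName" }
$netbios = $match.Properties['netbiosname'][0]

# DNS Server IP: first IPv4 DNS server on the first adapter that reports one.
# Cross-check against the first entry beside DNS Servers in "ipconfig /all".
$dnsServer = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -First 1 |
    ForEach-Object { $_.ServerAddresses[0] }

# DNS Site: each Domain Controller with the site it is listed under.
$dcs   = $domain.DomainControllers | Select-Object Name, SiteName, IPAddress
$sites = @($dcs | Select-Object -ExpandProperty SiteName -Unique)

# Computer Account: account name + "$@" + domain DNS name, following the
# form's example (mytestacc$@OPMANHV.COM).
$computerAccount = '{0}$@{1}' -f $AccountName, $dnsName.ToUpper()

[pscustomobject]@{
    DomainName      = $netbios
    BindString      = $dnsName
    DnsServerIP     = $dnsServer
    # Left empty when only one site exists; otherwise pick your DC's site.
    DnsSite         = if ($sites.Count -eq 1) { '' } else { $sites -join ', ' }
    ComputerAccount = $computerAccount
}
$dcs | Format-Table -AutoSize | Out-String | Write-Host
```

The script does not read or store the computer account password; enter that in the form by hand.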

Design Limitations

  • Pass-through authentication can be enabled for only one domain, preferably the domain in which the Network Configuration Manager server resides. If pass-through has been configured for a domain other than the one in which the Network Configuration Manager server resides, ensure that the other domain will provide logged-in user information to a website from a different domain.
  • Pass-through authentication works only for Active Directory users that have already been added to Network Configuration Manager. If you do not want to manually create a user account for every user in your domain, enable auto-login for the domain (Admin->User Manager->Windows Domains). Once auto-login is enabled, you have to manually enter the username and password of your account only on the first login, at which point a user account is created automatically in Network Configuration Manager; from then on you can log in without entering them manually.

Disable Pass-through Authentication

In Network Configuration Manager webclient click on Settings → User Management → Pass-through. Use the radio button Disable Pass Through Authentication.

Log File:

If you face any issue with Pass-through Authentication, contact support with a zip file of the logs present under NCM_Home\logs folder.
