Edit sm.registry when no X11 and no smconsole access in Policy Server

Article ID: 282547


Products

SITEMINDER

Issue/Introduction


When running Policy Server, how can the sm.registry file be configured when there is no access to smconsole (the "Policy Server Management Console") and the X11 protocol is disabled?

 

Resolution

 
On Linux, edit the sm.registry file directly with a text editor such as vi, vim, nano, or emacs. The challenge arises when setting an encrypted value, such as the password used to connect to a store.
 
Some command-line tools, such as smldapsetup (1), encrypt the value so that it can then be placed in sm.registry manually.
 
Some smconsole buttons can be simulated using a Policy Server command line for LDAP and ODBC:
   
The button "Test LDAP Connection":
 
   # {home_policy_server}/bin/ldapsearch -b "<base_dn>" -x -D "<account_dn>" -w <account_password> -h <Ip:Port> -P {home_policy_server}/<cert_directory> -s sub '<object_to_search>'
   
The button "Test Connection":
 
   # {home_policy_server}/bin/odbctest -dsn <dsn_from_system_odbc.ini> -table <table_name> -uid <account_to_connect> -pwd <account_password> -v

   For <table_name>, use a table belonging to the Policy Store, for example the table "version", as defined in db/SQL/sm_oracle_ps.sql:
 
   CREATE TABLE version (
       major                INTEGER DEFAULT 0 NOT NULL,
       minor                INTEGER DEFAULT 0 NOT NULL,
       langid               INTEGER DEFAULT 0 NOT NULL,
       sublangid            INTEGER DEFAULT 0 NOT NULL,
       sortid               INTEGER DEFAULT 0 NOT NULL,
   PRIMARY KEY (major, minor)
   )
       STORAGE ( 
              INITIAL 100k
              NEXT 100k
              MINEXTENTS 1
              MAXEXTENTS 100
       ) 
   ;
 
The database connection password can also be set from the command line.
 
Run the XPSConfig command:
 
  # XPSConfig
  Enter Option (id or X or Q): SM
   31-DbObjAdminPassword
  Enter Option (D, V, F,  # or Q): 31
  Enter Option (C, or Q): C
  Enter New Value:<write_here_the_password>
   Pending Value:      (sensitive) 
  Enter Option (C, or Q): Q
  Enter Option (D, V, F,  # or Q): Q
  Enter Option (id or X or Q): Q
 
The sm.registry file will then contain the following:
 
  HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Default=xxxxxxx
  Password=              {RC2}<value>; REG_SZ
  
Also run the following command to encrypt the admin password for an LDAP Policy Store:
 
 # smldapsetup reg -w<Password>
 
  NOTE: This switch will use the Policy Server encryption key to
  encrypt the password entered in the "-w" switch and populate it in
  the following location:
 
  HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore
  "AdminPW"="{RC2}<value>"
 
Then copy the above value into the Password entry under HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Default=xxxxxxx. This has the same effect as the XPSConfig command above.
 
The "Enable Agent Key Generation" option can be set the following way:
 
  Disabled:
 
  HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=xxxxxx
  EnableKeyGeneration=                    0x0; REG_DWORD
 
  Enabled:
 
  HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=xxxxxx
  EnableKeyGeneration=                    0x1; REG_DWORD
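 
After a manual edit, a check like the following confirms that no password entry was left in cleartext and reports the key generation setting. It is an added example, not part of the original article or of SiteMinder; the function names audit_sm_registry and write_sample are hypothetical, and it assumes the sm.registry layout shown above (a key line followed by "Name= value; TYPE" lines, with AdminPW stored in that same form).

```shell
#!/bin/sh
# Added example: audit a hand-edited sm.registry for cleartext secrets.
# Assumption: key lines start with HKEY_ and values follow as
# "Name=   value; REG_TYPE", as in the excerpts in this article.

audit_sm_registry() {
    # $1 = path to sm.registry. Prints one finding per line and returns 1
    # if any Password/AdminPW value is set without the {RC2} prefix.
    awk '
        { sub(/^[ \t]+/, ""); sub(/\r$/, "") }        # tolerate indentation and CRLF
        /^HKEY_/ { key = $0; sub(/=[^=]*$/, "", key); next }
        /^(Password|AdminPW)=/ {
            name = $0; sub(/=.*/, "", name)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            sub(/;[ \t]*REG_[A-Z_]*[ \t]*$/, "", val)
            if (val == "") state = "EMPTY"
            else if (index(val, "{RC2}") == 1) state = "ENCRYPTED"
            else { state = "CLEARTEXT"; bad = 1 }
            print state " " key "\\" name             # the value is never printed
            next
        }
        /^EnableKeyGeneration=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/;.*/, "", val)
            print "KEYGEN " val
        }
        END { exit bad + 0 }
    ' "$1"
}

write_sample() {
    # Constructed sample input; every value is a placeholder.
    cat > "$1" <<'EOF'
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Default=xxxxxxx
Password=              {RC2}PLACEHOLDER; REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=xxxxxxx
AdminPW=               typed-by-hand; REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=xxxxxx
EnableKeyGeneration=                    0x1; REG_DWORD
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sm_registry "$sample" || echo "cleartext value found: set it with XPSConfig or smldapsetup"
rm -f "$sample"
```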
 
A quick-reference list of registry keys is available in the documentation (2).