How to switch Protection Engine authentication methods from standard to domain authentication

Article ID: 374708

Products

Protection Engine for NAS, Protection Engine for Cloud Services

Issue/Introduction

Symantec Protection Engine (SPE) was previously installed with the standard authentication method. You now want to switch to AD authentication without uninstalling and reinstalling the SPE components.

 

Environment

Symantec Protection Engine 9.x

Resolution

Server Configuration:

  1. Edit application.properties

    Windows:   "C:\Program Files\Symantec\Scan Engine\RestAPI\application.properties"

    Linux:  /opt/SYMCScan/RestAPI/application.properties


  2. Within the LDAP Configuration section there are elements that must be entered correctly. Each is annotated below with an example value:

    #LDAP Configuration
    # Set to true to turn on AD/LDAP authentication within the REST API framework
    sperestapi.ldap.enabled=true
    # The starting point for searching the directory. This can be a domain controller server's name, IP address or a domain name suffix etc
    sperestapi.ldap.url=example.com
    # The access port: 389, 636, 3269 are commonly used but are not discussed here
    sperestapi.ldap.port=389
    # The base container from which to start searching AD
    sperestapi.ldap.basedn=dc=example,dc=com
    # The name and location of the group the user making the request from the console must be a member of
    sperestapi.ldap.groupdn=CN=GroupName,OU=Groups,DC=example,DC=com
    sperestapi.ldap.ssl.enabled=false

  3. Save the changes and then restart the service

    Windows:  "Symantec Protection Engine REST API" service

    Linux: /opt/SYMCScan/RestAPI/restapi.sh restart
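
A pre-restart check for the LDAP section edited in step 2, as an added example (not Symantec's or this article's code). It assumes the file follows java.util.Properties rules, where everything after `=` (annotation text, trailing spaces) becomes part of the value; `check_ldap`, its finding strings and the groupdn-under-basedn check are this example's own.

```python
PREFIX = "sperestapi.ldap."
KEYS = ("enabled", "url", "port", "basedn", "groupdn", "ssl.enabled")
TLS_PORTS = {636, 3269}  # LDAPS and Global Catalog over SSL

def parse_properties(text):
    """Minimal key=value parser; like Java's loader it keeps trailing whitespace."""
    props = {}
    for line in text.splitlines():
        line = line.lstrip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.lstrip()
    return props

def normalise_dn(dn):
    # Case-insensitive comparison form; escaped commas inside RDNs are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_ldap(text):
    """Return findings for the LDAP settings; an empty list means none."""
    props = parse_properties(text)
    raw = {k: props.get(PREFIX + k) for k in KEYS}
    findings = [f"{k}: missing" for k in KEYS if raw[k] is None]
    val = {k: (v or "").strip() for k, v in raw.items()}
    for k, v in raw.items():
        if v and "{" in v:
            findings.append(f"{k}: annotation text is part of the value")
        elif v and v != v.rstrip():
            findings.append(f"{k}: trailing whitespace is part of the value")
    if val["enabled"].lower() != "true":
        findings.append("enabled: LDAP authentication is not switched on")
    ssl = val["ssl.enabled"].lower() == "true"
    port = int(val["port"]) if val["port"].isdecimal() else 0
    if not 0 < port < 65536:
        findings.append("port: not a valid TCP port")
    elif not ssl and port in TLS_PORTS:
        findings.append("port: SSL disabled but port is an LDAPS port")
    if not ssl:
        findings.append("ssl.enabled: LDAP connection is not TLS-protected")
    # Assumption: the group lives under basedn, as in the article's example.
    base, group = normalise_dn(val["basedn"]), normalise_dn(val["groupdn"])
    if base and group and not group.endswith("," + base):
        findings.append("groupdn: not located under basedn")
    return findings

# Constructed sample: the article's example values with LDAPS switched on.
SAMPLE = "\n".join(PREFIX + kv for kv in (
    "enabled=true", "url=example.com", "port=636", "basedn=dc=example,dc=com",
    "groupdn=CN=GroupName,OU=Groups,DC=example,DC=com", "ssl.enabled=true"))
```

Pass the contents of the file from step 1 to `check_ldap` and resolve the findings before restarting the service.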

 

Console Configuration:

Note: When this kind of change is made, all managed servers previously added to the console will no longer be accessible, so the file containing all managed servers, Assets.xml, must be rebuilt.

  1. Close the SPE Console for Windows if it is open

  2. Rename or delete the file "C:\Program Files\Symantec\Scan Engine Console\CMaF\Settings\Assets.xml"

  3. Run regedit to open the Windows registry

  4. Go to HKLM\Software\Symantec\Cmaf\SPE\<version>\Config

  5. Double-click on the string "IsLdap" and change the value to "TRUE"

  6. Create a string value named "LdapGroupName"

  7. Double-click on LdapGroupName and enter the name of the group the console user must be a member of


  8. Launch the SPE Console for Windows and log in as a domain user:  example.com\username

  9. Re-add the SPE server(s)
