sm.registry configuration without smconsole in Policy Server
Article ID: 45587


Products

CA Single Sign-On SITEMINDER

Issue/Introduction


When running the "Policy Server Management Console" (smconsole) on a Linux Policy Server, the tool runs very slowly.

Is there a way to modify the configuration?

 

Resolution


It's possible to modify the Policy Server service configuration by opening the sm.registry file directly and editing it manually.

The challenge comes when modifying encrypted values.

Some command lines can help to encrypt some of the values:

  1. Log on to the Policy Server machine, and open a command prompt;
  2. Back-up the following file:

    <Siteminder_Install_Dir>/registry/sm.registry

    For example:

    # cp -p <Siteminder_Install_Dir>/registry/sm.registry <Siteminder_Install_Dir>/registry/sm.registry.orig

  3. Run the following command to encrypt the Admin Password for the Policy Store:

    # smldapsetup reg -w<Password>

    NOTE: This switch uses the Policy Server encryption key to encrypt the password entered in the "-w" switch and populates it in the following location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore
    "AdminPW"="{RC2}<value>"

    This value can be copied to the following fields:

    LDAP Connection Settings:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore\AdminPW
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapKeyStore\AdminPW
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapSessionServer\AdminPW

    ODBC Connection Settings:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\AdvancedAuth\Password
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Default\Password
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Key\Password
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Log
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\SessionServer\Password
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Token\Password

A value in 'sm.registry' is only overwritten when the corresponding switch is included in the 'smldapsetup reg' command.

To avoid overwriting the Server, LDAP Root, or Admin values, don't specify those switches.

The command will overwrite anything in the [HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore\AdminPW] registry key with the encrypted value from the smldapsetup command; however, the encrypted value isn't limited to that one connection.

It can be copied to other registry keys, and the key can then be reset to the correct password for the LDAP Policy Server at the end (if the other connections are using different accounts).
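
After hand-editing, it is worth confirming that no password entry was left in cleartext. The script below is an added example, not part of the original article or the product: it flags AdminPW/Password entries whose value lacks the {RC2} prefix shown above. The file layout it parses is an assumption modelled on this article's notation, the function names are hypothetical, and all sample values are constructed.

```shell
#!/bin/sh
# Added example: flag password entries in an sm.registry-style file that do
# not carry the {RC2} prefix. The layout (a line naming the HKEY_... section,
# then "Name"="value" lines) is an assumption based on this article's notation.

# Prints the section of every AdminPW/Password entry whose value lacks {RC2};
# returns 1 if any such entry exists, 0 otherwise.
find_cleartext_passwords() {
    awk '
        /HKEY_LOCAL_MACHINE/ { section = $0; next }
        /^[ \t]*"?(AdminPW|Password)"?[ \t]*=/ {
            if (index($0, "{RC2}") == 0) { print section; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Writes a constructed two-section sample to $1; $2 is the value stored
# under Database\Key so both outcomes can be demonstrated.
make_sample() {
    base='HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion'
    printf '[%s]\n"%s"="%s"\n' \
        "$base\\LdapPolicyStore" AdminPW '{RC2}CONSTRUCTED-VALUE' \
        "$base\\Database\\Key" Password "$2" > "$1"
}

# Demo: a cleartext value typed into Database\Key by mistake is reported.
sample=$(mktemp)
make_sample "$sample" 'Constructed-Cleartext-1'
if flagged=$(find_cleartext_passwords "$sample"); then
    printf '%s\n' 'all password entries carry {RC2}'
else
    printf 'not encrypted: %s\n' "$flagged"
fi
rm -f "$sample"
```

Run it against the edited sm.registry before restarting the Policy Server, and compare the file with sm.registry.orig to confirm that only the intended keys changed.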