Description:

Differences in the 4.1 installation versus the 4.0SP1 installation as well as information on the new NTLM feature

Solution:

The ITPAM 4.1 installation is very similar to the 4.0SP1 installation so after reading this document, we recommend visiting the 4.0SP1 installation document for more details about the entire installation. You can access that document here:

https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC569769

There is one screen in the 4.1 installation that is different from the 4.0SP1 installation. It is the EEM Security Settings screen which now contains the "Enable NTLM Pass-Through Authentication" checkbox.

<Please see attached file for image>

For testing purposes, we recommend leaving this checkbox empty during the 4.1 installation so that you can test a manual login when the installation is complete. Once you are able to login with the manual login, enabling NTLM is as easy as following the steps below (no reinstall required). These steps assume that you have already connected EEM with your LDAP directory server, you have made your LDAP user a member of the proper ITPAM group in EEM, and you have tested logging in as this user to ITPAM manually. If you have not done these steps, take a look at the following document before enabling NTLM:

https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC565739

Steps to enable NTLM after the PAM install is complete:

1. Stop the ITPAM Orchestrator Service
   
   
2. Browse to the ITPAM installation directory and to the server\c2o\.config folder
   
   
3. Open the OasisConfig.properties file for editing
   
   
4. Locate the following setting and modify it from:
   
   ntlm.enabled=false
   
   to:
   
   ntlm.enabled=true
   
   
5. Save the OasisConfig.properties file
   
   
6. Restart the ITPAM Orchestrator Service

Now when you access the ITPAM URL, it will automatically log you in as the user you are logged into the machine as thus bypassing the login screen.