Use the hcmds64checkauth command to verify whether the management server is correctly connected to the external authentication server and the external authorization server.
- Register an external authentication server and an external authorization server
- Verify the following information:
  - For LDAP authentication
    Verify the user accounts registered on the LDAP directory server. For user IDs, specify the value saved in the attribute specified by auth.ldap.value-specified-in-auth.server.name.attr in the exauth.properties file.
  - For RADIUS authentication
    Verify the user accounts registered on the RADIUS server.
  - For Kerberos authentication
    When linking only to an external authentication server:
    Verify the user accounts that are registered in Common Component products and whose authentication method is Kerberos authentication.
    When also linking to an external authorization server:
    Verify the user accounts not registered in Common Component products.
    In addition, if you specify a user who belongs to a realm other than the realm specified for default_realm in the exauth.properties file, also verify the realm that the user belongs to. If more than one realm name is specified in the exauth.properties file, verify all specified realm names.
  Note that you cannot specify a user account whose user-ID or password begins with a forward slash (/) in Windows, or hyphen (-) in Linux.
- In Windows:
  Common-Component-installation-folder\bin\hcmds64checkauth [/user user-ID /pass password] [/summary]
- In Linux:
  Common-Component-installation-directory/bin/hcmds64checkauth [-user user-ID -pass password] [-summary]
- If you run the command without specifying the user option or the pass option, you will be prompted to enter a user ID and password.
- If you run the command with the summary option specified, the confirmation message is displayed in summary format.
- To specify a user belonging to a realm other than the realm set for default_realm in the exauth.properties file:
  user-ID@realm-name
- To specify a user who belongs to the realm set for default_realm in the exauth.properties file:
  You can omit the realm name.
When the LDAP authentication method is used, running the hcmds64checkauth command verifies all connected external authentication servers and displays the verification results for each external authentication server.
If the user account specified for the hcmds64checkauth command is not registered on one of those external authentication servers, an error message indicating that the user account is not registered is displayed in phase 3 of the verification result for that server, and confirmation at phase 3 might fail.
When this occurs, verify the connection of each external authentication server by using a user account that is registered to that server.
The command verifies the settings in the exauth.properties file and the connections to the external authentication server and external authorization server, and displays the verification results in four phases. The following message is displayed for each phase in which verification finishes normally.
KAPM15004-I The result of the configuration check of Phase phase-number was normal.
- Phase 1
- The command verifies that common properties have been correctly specified in the exauth.properties file.
- Phase 2
- The command verifies that the properties for the external authentication server and properties for the external authorization server have been correctly specified in the exauth.properties file.
- Phase 3
- The command verifies that the external authentication server can be connected to.
- Phase 4
- If an external authorization server is also linked to, the command verifies that the external authorization server can be connected to and authorization groups can be searched.
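The following added example (not part of the product documentation) shows one way to check saved hcmds64checkauth output for the KAPM15004-I message of each phase. The function names and the sample output are constructed for illustration, and the script assumes that a phase without a KAPM15004-I line did not finish normally.

```shell
#!/bin/sh
# Added example: summarize saved hcmds64checkauth output by phase.
# Assumption: each phase that finishes normally prints the KAPM15004-I line
# quoted above, with the phase number in place of "phase-number".

# Read command output on stdin and print "phase count" for phases 1 to 4,
# where count is the number of KAPM15004-I lines seen for that phase.
# With several LDAP servers the results are shown per server, so a count can
# be compared with the number of servers instead of only checking for zero.
phase_counts() {
    awk '
        /KAPM15004-I/ {
            for (i = 1; i < NF; i++)
                if ($i == "Phase" && $(i + 1) ~ /^[1-4]$/) ok[$(i + 1)]++
        }
        END { for (p = 1; p <= 4; p++) printf "%d %d\n", p, ok[p] + 0 }
    '
}

# Print the phases (space separated) that have no KAPM15004-I line.
# $1 = highest phase to require (default 4). Passing 3 skips phase 4, which
# only applies when an external authorization server is also linked.
phases_missing() {
    last=${1:-4}
    phase_counts | awk -v last="$last" '
        $1 <= last && $2 == 0 { printf "%s%s", sep, $1; sep = " " }
        END { print "" }
    '
}

# Constructed sample (not real command output): phases 1 and 2 are normal,
# phase 3 fails, so phases 3 and 4 have no "normal" line.
sample_output() {
    cat <<'EOF'
KAPM15004-I The result of the configuration check of Phase 1 was normal.
KAPM15004-I The result of the configuration check of Phase 2 was normal.
(constructed placeholder for a Phase 3 error message)
EOF
}

sample_output | phases_missing 4   # prints: 3 4
```

To use it on a real run, save the command's output to a file and feed that file to phases_missing on standard input; an empty result means every required phase reported KAPM15004-I.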