Open topic with navigation

SECURITY_AD_SASL_OPTION_REALM

Optional. When specified, explicitly sets the authentication realm for Kerberos V5 or MD5 message digest authentication. In terms of Active Directory, the authentication realm is the domain name.

When left unspecified, the authentication realm is assumed to be the domain name of the connected Active Directory domain controller. Windows domains are most commonly configured in this manner.

This configuration parameter expects a capitalized version of the domain name, specified in its fully-qualified domain name (FQDN) form. For example, if the FQDN is domain.net, use DOMAIN.NET.

This parameter is applicable only when SASL authentication is enabled, and either Kerberos V5 or MD5 message digest is used as the SASL authentication mechanism. Specifically, the following configuration parameters must be set:

• SECURITY_AD_USE_SASL_AUTHENTICATION=true
• SECURITY_AD_SASL_OPTION_MECHANISM=GSSAPI or =DIGEST-MD5

To obtain the fully-qualified domain name (FQDN):

From a domain computer:

1. Open a command prompt (cmd.exe) via the Start menu.
2. Do either of the following:
   
   1. Type echo %USERDNSDOMAIN% to display the USERDNSDOMAIN environment variable.
   2. The FQDN will print.

OR:

1. Type net config workstation to display the network settings for the computer.
2. The FQDN appears under the 'Workstation Domain DNS Name' field.

From the domain controller:

1. Open 'Active Directory Domains and Trusts' from the Start menu.
2. In the console tree (left-hand column), a list of Windows domains are listed by their FQDNs.

Safe Software Inc. www.safe.com