Recommended Configuration for Active Directory Connections
When first configuring FME Server to integrate with Active Directory, we recommend starting with the following fmeCommonConfig.txt configuration, which applies to common Windows domain configurations:
SECURITY_LOGIN_TYPE=activedirectory
SECURITY_AD_SERVER_AUTODETECT=true
SECURITY_AD_NT_DOMAIN=<NT_domain_name>
SECURITY_AD_USE_SASL_AUTHENTICATION=true
SECURITY_AD_SASL_OPTION_MECHANISM=GSSAPI
SECURITY_AD_PREAUTH_USERNAME=<account_name>
SECURITY_AD_PREAUTH_PASSWORD=<acount_password>
Note: Specify only a service account name for the SECURITY_AD_PREAUTH_USERNAME parameter. Do not include a domain name. For example, do not specify domain_name\\user_name. Specify only user_name.
The following information will need to be provided for your Windows domain:
- NT domain name. For more information, see SECURITY_AD_NT_DOMAIN.
- Service account name/password.
Note: During configuration we recommend turning on debugging mode by setting SECURITY_DEBUG=true. This configuration parameter is located under the 'Security Management' heading. With debugging enabled, all interactions with Active Directory are logged. If any failures are encountered, refer to Troubleshooting Active Directory Configurations for solutions.