You are here: Administrator's Guide > Securing FME Server > Connecting to Active Directory > Recommended Configuration for Active Directory Connections

Recommended Configuration for Active Directory Connections

When first configuring FME Server to integrate with Active Directory, we recommend starting with the following fmeCommonConfig.txt configuration, which applies to common Windows domain configurations:

SECURITY_LOGIN_TYPE=activedirectory

SECURITY_AD_SERVER_AUTODETECT=true

SECURITY_AD_NT_DOMAIN=<NT_domain_name>

SECURITY_AD_USE_SASL_AUTHENTICATION=true

SECURITY_AD_SASL_OPTION_MECHANISM=GSSAPI

SECURITY_AD_PREAUTH_USERNAME=<account_name>

SECURITY_AD_PREAUTH_PASSWORD=<acount_password>

Note: Specify only a service account name for the SECURITY_AD_PREAUTH_USERNAME parameter. Do not include a domain name. For example, do not specify domain_name\\user_name. Specify only user_name.

The following information will need to be provided for your Windows domain:

Note: During configuration we recommend turning on debugging mode by setting SECURITY_DEBUG=true. This configuration parameter is located under the 'Security Management' heading. With debugging enabled, all interactions with Active Directory are logged. If any failures are encountered, refer to Troubleshooting Active Directory Configurations for solutions.