Required to run server with Active Directory user?

Sep 23, 2010 at 9:35 AM

May I know, is it compulsory to run the server (Tomcat) using an Active Directory user in order for Waffle to work?

Sep 23, 2010 at 3:24 PM

It's not. The account that's talking to Active Directory needs to have delegation rights. This also can be a machine account, so it would work to run as LocalSystem. Naturally the server needs to be joined to the Active Directory.

Sep 23, 2010 at 3:46 PM

Can you elaborate on "the account that's talking to Active Directory needs to have delegation rights"?

My test environment has a domain called "company" and many subdomains "", "". I run Tomcat as LocalSystem, try to authenticate and get an authentication failure, but then I restart Tomcat with user@company and now I am able to authenticate successfully. Can you elaborate more?

Sep 23, 2010 at 3:52 PM

It's rather complex and depends on your Active Directory configuration, trusts between these domains, account rights and stuff like that. Start by reading this.

Sep 23, 2010 at 4:46 PM

I'm going to read it tomorrow, it's midnight here now =) Normally, if we use JCIFS, we need to specify the domain server. But using Waffle, it's automatic without configuration. But you mentioned that even if I run Tomcat as LocalSystem, which has no need to log in to the domain, there is also no problem? But my test case wasn't like that. In order to authenticate, I must run Tomcat with user@company. Can you comment?

Sep 23, 2010 at 5:47 PM

As I said, it really, really depends on the Active Directory domain configuration. The machine joined to the domain has an account and there are hundreds of policy choices that the domain can make that affect this.