NOTE:You cannot run tools using domain accounts without passwords if none of the domain controllers are available.
The security authentication module is installed by default on a node as part of the HP Operations agent package.
If the tool uses domain accounts, then you must configure the domain controllers of the target nodes domain as managed nodes and deploy the HP Operations agent package to the domain controllers. The agent installation makes the security authentication module available on the domain controllers.
If there are several domain controllers in a domain, and depending on the availability of these domain controllers, the Windows authentication system will contact different domain controllers. For this reason the security authentication module must be available on all domain controllers of that domain. The security authentication module on the domain controllers authenticates the login for any machine when the tool launches. However, in this case, the account that the tool runs as does not have network credentials.
NOTE:If the tool uses local accounts, no further action is necessary because the security authentication module is automatically deployed together with the HP Operations agent package, which is required to execute tools on the managed node.
In the HTTPS agent installation defaults file, set the
INSTALL_OPCAUTH option to false, for
example:
[eaagt] INSTALL_OPCAUTH = false
NOTE:Use the SetMgmtServer tool with the /auth
/on option, for example:
SetMgmtServer /auth /on
To disable the security authentication module after the agent has been installed:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\Auth130Manually remove the opcauth.dll file on the node
where the tool user is authenticated:
%SYSTEMROOT%\opcauth.dll
If you remove this DLL, then a password will always be required to run a tool under the specified account. If you remove this DLL on all domain controllers, you cannot do a switch user without a password for domain accounts.
Related Topics: