SSO Configuration of Jedox Server on Linux

Used example values:
  • The given domain is “jedoxsso”.
  • The group is named “ssogroup”.
  • The group to be created in Jedox must be named “jedoxsso\ssogroup”.
    For reference please see: SSO Authorization Mode or SSO Authentication Mode
  • The NetBIOS name of the Jedox Server in this example is “JedoxServer”.
  • The example addresses for the AD server are as follows:
    • IP: “192.168.2.30”
    • FQDN: “ADServer.jedoxsso.local”
    • Shortname: “ADServer”

Configuration steps:

Additional Information:
Jedox is installed inside of a “cage” or “chroot” environment.
All files mentioned here are inside of the Jedox Environment.
(https://en.wikipedia.org/wiki/Chroot)

From outside of the cage, switch to the cage with:
cd /opt/jedox/ps

Then start Jedox with:
sudo ./jedox-suite.sh start

Inside the cage switch to chroot:
sudo chroot .

/etc/samba/smb.conf:
Adjust “netbios name”, “workgroup”, “realm” and “idmap config” information to match your environment.

[global]
netbios name = JedoxServer
workgroup = JEDOXSSO
security = ADS
realm = JEDOXSSO.LOCAL
encrypt passwords = yes
idmap config *:backend=tdb
idmap config *:range=2000-9999
idmap config JEDOXSSO:backend=rid
idmap config JEDOXSSO:schema_mode=rfc2307
idmap config JEDOXSSO:range=10000-99999
winbind nss info = rfc2307
winbind trusted domains only=no
winbind use default domain=yes
winbind enum users=yes
winbind enum groups=yes
winbind refresh tickets=Yes
vfs objects=acl_xattr
map acl inherit=Yes
store dos attributes=Yes
idmap_ldb:use rfc2307=Yes

/etc/krb5.conf:
Adjust “default_realm” to match your domain address.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}
default_realm = JEDOXSSO.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

/etc/resolv.conf:
Adjust “search” and “nameserver” to match your environment.

search JEDOXSSO.LOCAL
nameserver 192.168.2.30

/etc/rc.d/init.d/winbind:
Comment out the lines 17 and 20:
# Source networking configuration.
#. /etc/sysconfig/network
# Check that networking is up.
#[ ${NETWORKING} = "no" ] && exit 1

/etc/hosts:
Add the “IP”, “FQDN” and the “Netbiosname” of your AD-Server.

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.30 ADServer.jedoxsso.local ADServer

/etc/hostname:
JedoxServer
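
Before joining the domain, the edited files can be cross-checked against each other. The script below is an added example, not part of the Jedox documentation or tooling; the function names are hypothetical, and it assumes the layout of this page's example, where the smb.conf realm, the krb5.conf default_realm and the resolv.conf search domain are the same and the idmap ranges do not overlap.

```shell
#!/bin/sh
# Added example (not Jedox code): consistency check for the files edited above.
# Run inside the chroot as: sh check_sso.sh /

# Print the last value assigned to key $2 in the "key = value" file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed (status 0) if any two "idmap config X:range = lo-hi" ranges overlap.
idmap_overlap() {
    sed -n 's/^[[:space:]]*idmap config .*:[[:space:]]*range[[:space:]]*=[[:space:]]*\([0-9]*\)[[:space:]]*-[[:space:]]*\([0-9]*\).*/\1 \2/p' "$1" |
    awk '{ lo[NR] = $1 + 0; hi[NR] = $2 + 0 }
         END { for (i = 1; i <= NR; i++) for (j = i + 1; j <= NR; j++)
                   if (lo[i] <= hi[j] && lo[j] <= hi[i]) exit 0
               exit 1 }'
}

# $1 = root of the Jedox environment. Returns 0 if consistent, 1 on findings,
# 2 if a file is missing. The equality checks follow the page's example layout.
check_sso_config() {
    smb="$1/etc/samba/smb.conf"; krb="$1/etc/krb5.conf"; res="$1/etc/resolv.conf"
    for f in "$smb" "$krb" "$res"; do
        [ -r "$f" ] || { echo "missing: $f"; return 2; }
    done
    rc=0
    realm=$(conf_get "$smb" realm)
    krb_realm=$(conf_get "$krb" default_realm)
    wg=$(conf_get "$smb" workgroup)
    sec=$(conf_get "$smb" security | tr '[:lower:]' '[:upper:]')
    [ "$sec" = "ADS" ] || { echo "security is '$sec', expected ADS"; rc=1; }
    [ -n "$realm" ] && [ "$realm" = "$krb_realm" ] ||
        { echo "realm '$realm' != default_realm '$krb_realm'"; rc=1; }
    grep -q "^[[:space:]]*idmap config $wg[[:space:]]*:" "$smb" ||
        { echo "no idmap config for workgroup '$wg'"; rc=1; }
    if idmap_overlap "$smb"; then echo "idmap ranges overlap"; rc=1; fi
    search=$(awk '$1 == "search" { print toupper($2) }' "$res")
    [ "$search" = "$(echo "$realm" | tr '[:lower:]' '[:upper:]')" ] ||
        { echo "resolv.conf search '$search' does not match realm"; rc=1; }
    grep -q '^nameserver[[:space:]]' "$res" || { echo "no nameserver"; rc=1; }
    return $rc
}

# Only run when a root directory is given on the command line.
if [ $# -gt 0 ]; then check_sso_config "$1"; fi
```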

Activate SSO in the Jedox OLAP server
/Data/palo.ini:
add one of these parameters:

windows-sso  (enables SSO Authorization Mode)
or:
windows-sso-authentication (enables SSO Authentication Mode)

To activate the automatic login, change the settings in
/httpd/app/etc/config.php:
from:
define('CFG_AUTH_SSO', false);
to:
define('CFG_AUTH_SSO', true);

Create if missing:
mkdir /var/log/samba/cores
chmod -R 700 /var/log/samba/cores
chown -R root:systemd-network /var/log/samba/cores

Delete if exists:
rm /var/lib/samba/winbindd_privileged
chown -R root:systemd-network /var/lib/samba/winbindd_privileged

Join:
net ads join -U <username with enough rights to join domain>
or:
net join -S ADServer.jedoxsso.local -U <username with enough rights to join domain>

Then it should look like the following example:
bash-4.2# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- JEDOXSSO
Joined 'JEDOXSERVER' to dns domain 'jedoxsso.local'

If you get an error, you can use troubleshooting.

Check for broken winbind processes. If there are any, kill them as shown:
bash-4.2# ps uax | grep winbindd
root 26156 0.0 0.0 376560 6776 ? Ss 07:35 0:00 winbindd
root 26158 0.0 0.1 380976 7640 ? S 07:35 0:00 winbindd
root 26715 0.0 0.0 379060 4644 ? S 09:01 0:00 winbindd
kill -9 26156
kill -9 26158
kill -9 26715

Now start winbind:
/etc/init.d/winbind start
Leave chroot with the command:
exit

You are still in:
/opt/jedox/ps
Restart Jedox with:
./jedox-suite.sh restart

 

Next SSO configuration step: Creation of groups in Jedox according to SSO Authorization Mode or SSO Authentication Mode
