HELP: IntegratedLogin=3... SecurityName not found

bxmsw

hi all,

I have searched this forum and read the TM1 Op Guide on this topic. My users want to have single sign-on. I understand that this can be achieved using IntegratedSecurityLogin=3 in the config file.

the tricky part is, they are using Xcelerator in Cognos Express. If I choose to do using this login mode, this will effectively decouple Xcelerator login from CX Administration Manager, which may not be a bad thing :p.

based on the posts in this forum and the Op guide, i gather that i need to do the following:
1) add the integrated login parameter and set it to "3".
2) add the security name parameter and set it to "Kerberos".
3) for each TM1 user id, I shall go to the control cube "ClientProperties" and enter the windows login ID under the member "UniqueID" in the cube view. the format of the login ID is XXX@domain where domain is the name of the domain of the user ID "XXX".

So i tried it out on my local PC. However, when I double-click on the server (which is running as an application), the error message shows that the Security Name is not found.

Is it due to the fact that it is running as an application? or did i miss out a step e.g. need to do something to enable Kerberos? I'm using Vista on my local PC.

Many thanks in advance!

zhutou1989

Hi,

AFAIK Cognos Express will only support the CAM security configuration.

Michel

rampagews3

Hi,

AFAIK Cognos Express will only support the CAM security configuration.

Michel

Does that mean CX is not able to use Integrated login?

It clearly states in the OP guide it can, but I have spend a day and a half on this, every avenue leads to another dead end.

Any help???

shaochaowei

We were told (inconsistently) by IBM Support that CX 9.5 was not supported but that they had guidance on making it work. We passed this to the client who decided not to pursue.
I think it would be worthwhile to raise a PMR to see whether the story has changed.
And yes, as posted elsewhere, the manuals are more or less a search and replace from the 'real TM1' manuals, so that issue does not surprise me.

sysease

Several things here:

1) Check the spelling on the domain part of the UserName@domain. It is case sensitive and will not work unless spelled EXACTLY like it is in AD.
2) TM1 server exe has to run under an ID that has permissions to query AD. There is a whole section in the manuals that cover this.
3) Have you tried NTLM instead of Kerberos? If TM1 and TM1Web are on the same machine (and wouldn't they be in CX???) I would use NTLM.

kbswangyang

@tomok,


Yes I have tried NTLM and got it to work, LONG LONG process... but finally got it to work.

Now because it is security mode 3, it does not seem to work with Web components.

Sigh...

Think the problem might be sorted with LDAP setup, but that seems near impossible. I spend almost a week to get access to the database. Hopefully nobody wants to use web...

mmkjzz

Mems wrote:Now because it is security mode 3, it does not seem to work with Web components.

Which web components are you referring to? TM1Web will work with security mode 3, I do it all the time. The Cognos BI web components will not work as they require CAM.