How do I enable the NT login authority?

The NT login authority allows users to log in to Tarantella using their NT username and password.

Setting up the NT login authority involves:

Setting the NT authentication domain

To set the NT domain against which users are authenticated:

  1. Open Array Manager.
  2. Click Tarantella Login, Properties.
  3. Check the Login Authorities, NT login authority box.
  4. In the Windows NT Domain field, type the name of the domain to authenticate NT users against.

Authenticating users from more than one domain

If you need to authenticate users from more than one domain, you must have one domain that is trusted by all the other domains. You must use the trusted domain as the Windows NT domain setting in Array Manager. This domain is used to authenticate users.

When a user in another domain logs in to Tarantella, they must use the format domain\username for their username. If they do not use this format, Tarantella will try to authenticate the user using the authentication domain and fail.

Note: The Windows NT domain (--ntdomain) attribute for person objects plays no part in the Tarantella login.

What if the Tarantella server is not on the same subnet as an NT machine in the selected domain?

If the Tarantella server is not on the same subnet as an NT machine in the selected domain, you must hard-code the authentication machine by running the following commands:

tarantella stop

tarantella config edit \
  --com.sco.tta.server.login.ntauth.NTAuthService.properties-authConfig authnbt=NTNAME

tarantella config edit \
  --com.sco.tta.server.login.ntauth.NTAuthService.properties-authConfig-append authserver=my.domain.name

tarantella start

When running these commands:

About NT usernames and passwords

The NT login authority supports 8-bit case-sensitive NT passwords. The NT username can contain any characters.

Defining webtops for NT users

Defining the same webtop for all NT users

Once you have set the domain for the NT login authority, NT users can log in to Tarantella using their NT username (or domain\username) and password without the need to create person objects in Object Manager. To define the webtop for users who log in this way, you have to add applications and documents to the NT User Profile object (o=Tarantella System Objects/cn=NT User Profile).

This method of defining a webtop is only of use if all NT users are to have access to the same webtop content, or as a fallback when Tarantella can't find an individual user.

Defining webtop content for individual NT users

To be able to define webtop content for individual users, you have to create a person object for each user.

When you create the user, the key attribute is the Username (--user) attribute, which must be set to the user's NT username. If the user is from a domain other than the authentication domain, this attribute must have the format domain\username, where domain is the name of the other domain and username is the user's NT username.

You create the webtop for the user:

If a user logs in and they do not have a person object, they will get the webtop of the NT User Profile object, as described above.

Resolving ambiguity issues

If an NT user does not get the correct webtop, it may be that their username is ambiguous with another user in a different login authority. To resolve any ambiguity issues, amend the Username (--user) attribute for the person object so that it uses the full TFN name of the NT user:

.../_services/sco/tta/ntauth/username

where username (or domain\username) is the name of the NT user.

Related topics
  • What is a login profile?
  • What is ENS?
  • Login authorities
  • Tarantella Login properties (array-wide)