Sentinel: Migrating a Sentinel 5 system from using SQL Authentication to Windows Authentication

  • 3173066
  • 25-Jan-2007
  • 26-Apr-2012

Environment

Sentinel 5.1.x
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server

Situation

Migrating a Sentinel 5 system from using SQL Authentication to Windows Authentication

Resolution

Note: These instructions assume that Sentinel keeps using the same database and that this database is only being reconfigured to use Windows Authentication Only rather than Mixed-Mode Authentication (Windows Authentication and SQL Authentication).

  1. Create a Windows Domain login for any of the users created through Sentinel Control Center installation that were specified as a "Local" user (as opposed to "Domain").
  2. On the machine running DAS, stop the following services:
  • Sentinel (also referred to as DAS; old service name: eSecurity)
  • Sentinel Communication (old service name: eSecurity Communication)
  3. Wait a while for the services to stop. (Check Task Manager to make sure all java processes have stopped.)
  4. Add the Windows Domain logins to the SQL Server by going to {DB Server}\Security\Logins in Enterprise Manager and clicking Action > New Login. For each Windows Domain login added to SQL Server, copy the DB permissions from the corresponding SQL Server Authentication user.
  5. For each Windows Domain login added to SQL Server, copy the settings in the "Server Roles" and "Database Access" tabs from the properties of the SQL Authentication user to the corresponding Windows Authentication user.
  6. In the ESEC database, update the USERS table for each Windows Domain login added that has a corresponding row in the USERS table (esecdba and esecapp will not have rows in the USERS table). Update the following columns for each row that was a SQL Authentication user and is now being made a Windows Domain user:
    1. NAME – This must be the full Windows Domain login, including the domain name (e.g. – novell\esecadm).
    2. UPPER_NAME – Change this to the upper case version of the Windows Domain login that is replacing the SQL Authentication login. This must be the full Windows Domain login, including the domain name (e.g. – NOVELL\ESECADM).
    3. DOMAIN_AUTH_IND – Set the value in this column to 1.
  7. For all the usernames updated in Step 6, also modify the username in the following tables to match the value put in the NAME column in the USERS table:
    1. In the ESEC database:
      1. CONFIGS – update the USR_ID column
    2. In the ESEC_WF database:
      1. UserTable – update the userid column
      2. ResourcesTable – update the Username and Name columns
  8. Change the SQL Server to use Windows Authentication Only. To get to this dialog, right-click the database server and select Properties.
  9. Delete the SQL Authentication logins from {DB Server}\Security\Logins.
  10. Make the esecapp Windows Domain User a local admin/power user on the machine running DAS.
  11. On the machine running DAS, update the Sentinel service to run as the esecapp Windows Domain User.
  12. On the machine running DAS, update all the container XML files in the directory %ESEC_HOME%\sentinel\config to use the Windows Domain account. For Sentinel v5.0.x, the files needing to be updated are:
  • activity_container.xml
  • alertcontainer.xml
  • attackcontainer.xml
  • das_query.xml
  • das_binary.xml
  • das_cmd.xml
  • workflow_container.xml
  • das_rt.xml (for 5.1.x)

In each file, remove the username and password values so that the properties are set as below:

<obj-component id="ConnectionManager">
  <class>esecurity.base.ccs.comp.dataobject.ConnectionManager</class>
  <!-- username and password are left empty for Windows Authentication -->
  <property name="username" />
  <property name="password" />

13. On the machine running DAS, start the following services:

  • Sentinel Communication
  • Sentinel

14. Wait a few minutes for the services to start.
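
The table updates in steps 6 and 7 can be run as one transaction so that a partial rename never reaches the database. The T-SQL below is an added example, not part of the original article or the product's own scripts. It assumes the dbo schema, that ResourcesTable sits in ESEC_WF alongside UserTable, and that the old SQL login name (here the constructed value esecadm) is what each column currently holds.

```sql
-- Added example with constructed values; run while the Sentinel services are stopped.
-- Assumptions: dbo schema, ResourcesTable in ESEC_WF, old login stored as 'esecadm'.
SET XACT_ABORT ON;          -- a runtime error rolls back the whole transaction
SET NOCOUNT ON;

DECLARE @old_name nvarchar(128), @new_name nvarchar(128), @rows int;
SET @old_name = N'esecadm';             -- SQL Authentication login being replaced
SET @new_name = N'novell\esecadm';      -- full Windows Domain login, domain included

BEGIN TRANSACTION;

-- Step 6: USERS table in the ESEC database
UPDATE ESEC.dbo.USERS
SET    NAME            = @new_name,
       UPPER_NAME      = UPPER(@new_name),
       DOMAIN_AUTH_IND = 1
WHERE  NAME = @old_name;
SET @rows = @@ROWCOUNT;

-- Exactly one USERS row is expected per login; anything else means the
-- name was mistyped or already migrated, so undo and stop.
IF @rows <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected 1 USERS row for the old login, found %d. Nothing changed.', 16, 1, @rows);
    RETURN;
END

-- Step 7: tables that carry the same username
UPDATE ESEC.dbo.CONFIGS
SET    USR_ID = @new_name   WHERE USR_ID = @old_name;

UPDATE ESEC_WF.dbo.UserTable
SET    userid = @new_name   WHERE userid = @old_name;

UPDATE ESEC_WF.dbo.ResourcesTable
SET    Username = @new_name WHERE Username = @old_name;

UPDATE ESEC_WF.dbo.ResourcesTable
SET    Name = @new_name     WHERE Name = @old_name;

COMMIT TRANSACTION;

-- Confirm the migrated row before moving on to step 8
SELECT NAME, UPPER_NAME, DOMAIN_AUTH_IND
FROM   ESEC.dbo.USERS
WHERE  NAME = @new_name;
```

Repeat the batch for each login migrated in step 6; esecdba and esecapp have no USERS rows and are skipped.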