When you use NT authentication, Search Server can use domain local groups, instead of global domain groups. You can deploy this option if access to the NT domain and its groups is not possible. This method enables you to deploy NT authentication without having access to the global domain groups.
Domain local groups are groups local to the authentication master. Search Server can use domain local groups.
On the authentication master, you must perform some server-side configuration. By convention, the authentication master is the same server where the Portal web application is installed.
- Login to the server that is identified as the Authentication Master in Search Server.
- Open the Computer Management console by selecting Start > Administrative Tools > Computer Management
- From the Computer Management console, select Computer Management > System Tools > Local Users and Groups > Groups
- Right-click Groups and select New Group. Provide the group a meaningful name. For example:
TLusers
. - Add users to the domain group.
Note: Users must be added by domain. For example, users in the
tealeaf
domain must be added astealeaf\username
. - Add users and groups until all Tealeaf users have been added to the local domain. You should create at least two groups, one for users and one for administrators.
- In Search Server configuration, click Modify beneath Domain Local Groups.
- Enter the local machine name in the Domains textbox. Do not use
localhost
. - Click the Domain Local Groups checkbox.
- You can now add users to user groups and admin groups.
- Click Add to User Groups.
- Search Server configuration lists the groups defined on the local machine, instead of the domain server.
Note: Users that are added to the listed groups must be part of the local domain. They cannot be user accounts for the local machine.
- Repeat the above steps for admin groups.
- Complete the rest of the configuration for NT authentication.
Modifying authentication setting
To modify Search Server authentication:
- To configure authentication, click Modify in the Authentication area of the main Search Configuration dialog.
- Modify the options as appropriate for your environment.
Setting the
Authentication Type
allows you to specify the type of authentication.