
BMD Web: Setting up Windows authentication

In BMD NTCS, each BMD NTCS user must be linked to the corresponding operating system user, and single login must be activated.

The web server has to be in the domain.

 

If the web server is separated by a DMZ firewall, the following ports to the domain controllers need to be opened:

  • 88 TCP/UDP – Kerberos
  • 389 TCP/UDP – LDAP 
  • 636 TCP – LDAP SSL
  • 135 TCP – RPC Endpoint Mapper
  • 53 TCP/UDP – DNS
  • 123 TCP/UDP – NTP 
  • 445 TCP/UDP – CIFS/SMB
  • 3268 TCP – LDAP Global Catalog
  • 3269 TCP – LDAP Global Catalog SSL
  • 49152-65535 TCP – RPC dynamic high ports (LSA, SAM, Netlogon, FRS)

 

Refer to:

https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
https://blogs.technet.microsoft.com/luistog/2012/05/08/restricting-ad-replication-traffic-between-dcs-to-only-a-few-ports/
https://support.microsoft.com/en-us/help/224196/restricting-active-directory-rpc-traffic-to-a-specific-port

 

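To pin the Netlogon and NTDS RPC traffic to fixed ports instead of the dynamic range, set the following registry values on the domain controllers, as described in the Microsoft articles above:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
DCTcpipPort (REG_DWORD)
Value data: 49256 (This value needs to be specified in decimal format)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
TCP/IP Port (REG_DWORD)
Value data: 49257 (This value needs to be specified in decimal format)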

 

For the following steps, we assume that BMD Web is already fully set up and operating smoothly.

Refer to:
https://www.bmd.com/en/technical-documentation/setting-up-bmd-web-applications.html

 

Via server manager:

Management → Add Roles and Features → Web Server (IIS) → Role Services → Security → Windows Authentication

Open the application in IIS Manager and, under "Authentication":

  • Disable "Anonymous Authentication"
  • Enable "Windows Authentication"
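
The role service and the two authentication switches above can also be applied from an elevated PowerShell prompt on the web server. The script below is an added example, not BMD's own tooling; the domain controller name and the IIS application path are placeholders (assumptions), and it first probes the TCP ports from the firewall list.

```powershell
#Requires -RunAsAdministrator
# Added example. $DomainController and $AppPath are placeholders (assumptions),
# not values taken from the BMD documentation.
param(
    [string]$DomainController = 'dc01.example.local',
    [string]$AppPath          = 'Default Web Site/bmdweb'
)

# TCP ports from the firewall list, plus the fixed RPC ports from the registry
# values (49256 Netlogon, 49257 NTDS). The last two only answer if the domain
# controllers were configured with those values. UDP and the dynamic RPC range
# are not probed here.
$tcpPorts = 88, 389, 636, 135, 53, 445, 3268, 3269, 49256, 49257
$blocked = foreach ($port in $tcpPorts) {
    $ok = Test-NetConnection -ComputerName $DomainController -Port $port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if (-not $ok) { $port }
}
if ($blocked) {
    Write-Warning "Not reachable on ${DomainController}: $($blocked -join ', ')"
}

# Role service: Web Server (IIS) > Security > Windows Authentication
Install-WindowsFeature -Name Web-Windows-Auth | Out-Null
Import-Module WebAdministration

# The authentication sections are locked at site level by default, so the
# change is written to applicationHost.config under a <location> for the app.
$authRoot = '/system.webServer/security/authentication'
$desired  = [ordered]@{
    anonymousAuthentication = $false
    windowsAuthentication   = $true
}
foreach ($scheme in $desired.Keys) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $AppPath `
        -Filter "$authRoot/$scheme" -Name enabled -Value $desired[$scheme]
}

# Read the effective values back so a silent misconfiguration is visible.
foreach ($scheme in $desired.Keys) {
    $state = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $AppPath `
        -Filter "$authRoot/$scheme" -Name enabled).Value
    '{0,-24} enabled = {1}' -f $scheme, $state
}
```

A warning for 636 or 3269 alone usually points at the LDAPS rules; a warning for 88 or 445 means Windows authentication against the domain will fail regardless of the IIS settings.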

After logging out of a BMD Web session, you are immediately redirected back to the login page. If Windows authentication is enabled, the mechanism will log you back in immediately.

 

Solution

There is a parameter in the BMD Web settings where you can enter a logout URL in order to avoid this issue.

  • Internet Explorer and Edge should now work out of the box. 
  • For Firefox, open about:config and search for "network.automatic".
    Either add the respective URL to "network.automatic-ntlm-auth.trusted-uris", or set "network.automatic-ntlm-auth.allow-non-fqdn" to true and leave "network.automatic-ntlm-auth.trusted-uris" empty.

  • Chrome (and browsers based on it, such as Opera and Vivaldi) use the Internet Explorer settings.

    Should it still not work in Chrome, you may have to remove the "Negotiate" provider.

 

  • In Edge and Firefox, Windows authentication does not work in private mode.
    However, in Internet Explorer and Chrome it does.

  • If the client from which the website is accessed is not in the domain, a query window opens where you have to enter the user and the password.
    → After entering the domain credentials, you are permitted access.

 

If the system does not assign the URL to BMD Web correctly, please proceed as follows:

  • Add the BMD Web URL to the "Trusted sites" in Internet Explorer.

  • Set user authentication to "Automatic logon with current user name and password".

 
