Sie sehen die Flagge von Österreich

BMD
Österreich

Sie sehen die Flagge von Deutschland

BMD
Deutschland

Sie sehen die Flagge der Schweiz

BMD
Schweiz

Sie sehen die Flagge von Ungarn

BMD
Magyarország

Sie sehen die Flagge der Slowakei

BMD
Slovensko

Sie sehen die Flagge von Tschechien

BMD
Česko

Sie sehen die englische Flagge

BMD
International

Sie sehen die englische Flagge EN
search

Setting up BMD Web Windows Authentication


In BMD NTCS, the BMD NTCS users must be linked to their respective operating system user and single login must be activated: 

 

The web server has to be in the domain. 


In case that the web server is separated by a DMZ firewall, the following ports to the domain controllers need to be enabled:  

  • 88 TCP/UDP – Kerberos
  • 389 TCP/UDP – LDAP 
  • 636 TCP – LDAP SSL
  • 135 TCP – RPC Endpoint Mapper
  • 53 TCP/UDP – DNS
  • 123 TCP/UDP – NTP 
  • 445 TCP/UDP – CIFS/SMB
  • 3268 TCP – LDAP Global Catalog
  • 3269 TCP – LDAP Global Catalog SSL
  • 49152 -65535/TCP - RPC dynamic High Ports (LSA, SAM, Netlogon, FRS)

 

Please refer to: 

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters 
    DCTcpipPort (REG_DWORD) 
    Value data: 49256 (This value needs to be specified in decimal format)
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    TCP/IP Port (REG_DWORD)
    Value data: 49257 (This value needs to be specified in decimal format)


Subsequently, we assume that the BMD Web application is already fully set up and operating smoothly. 

 

Please refer to: 

https://www.bmd.com/en/technical-documentation/setting-up-bmd-web-applications-2.html

 

Via server manager:

Manage - Add roles and Features - Web Server (IIS) - Role Services - Security - Windows Authentication

 

In the IIS Manager in the application under Authentication

 

Disable anonymous authentication

Enable Windows authentication

 

After logging out of a BMD Web session, you are immediately linked back to the login page. If Windows authentication is enabled, the mechanism will log you back in immediately. 

 

Solution

There is a new parameter in the BMD Web settings where you can enter a logout URL in order to avoid this issue. 

 

  • Internet Explorer and Edge should now already work "out of the box". 
  • For Firefox, you have to search for "network.automatic" in about:config. 
    Either add the respective URL to "network.automatic-ntlm-auth.trusted-uris" or set "network.automatic-ntlm-auth.allow-non-fqdn" to true and do not fill in "network.automatic-ntlm-auth.trusted-uris".
  • Chrome (and its branches like Opera & Vivaldi) access the IE settings. 
    In case that it still does not work in Chrome, you may have to remove the "Negotiate" provider. 

 

  • In Edge and Firefox, Windows authentication does not work in private mode. 
    However, in Internet Explorer and Chrome it does. 
  • If the client, from which the web page is launched, is not part of the domain, a query window opens demanding user + password. 
    → After entering the domain credentials you are permitted access. 

 

In case that the system does not assign the URL to BMD Web correctly, please proceed as follows:

 

  • Add the URL of BMD Web to "Trusted sites" in Internet Explorer.
  • Set user authentication to "Automatic logon with current user name and password".

 

Section:

Setting Up BMD Web Applications




BMD Systemhaus GesmbH

Sierninger Straße 190

A-4400 Steyr

+43 50 883 or 0043 7252 883

bmd@bmd.at

Follow us

Follow us on Facebook
Follow us on Xing
Follow us on LinkedIn
Follow us on YouTube
Follow us on Kununu
Follow us on Instagram