11.2 Authentication Role

This role helps speed the authentication process by spreading the workload among various devices and by performing authentication locally to managed devices.

11.2.1 Prerequisites to Configure the Authentication Role on a Satellite

If you have installed ZENworks 11 with external certificates, you must complete the following tasks on the Satellite before configuring the Authentication role on a Satellite:

  1. Ensure that the Satellite has its own individual server certificate and private key.

    For detailed information on how to create to an external certificate, see Creating an External Certificate in the ZENworks 11 Server Installation Guide.

  2. Import the external certificate by using the zac iac command.

    For more information about zac, view the zac man page (man zac) on the Satellite or see the ZENworks 11 Command Line Utilities Reference.

    NOTE:You must import the external certificate each time you promote the Satellite to Authentication role.

11.2.2 Configuring the Authentication Role on a Satellite

  1. (Optional) To configure the Authentication role on a Satellite, select the check box next to Authentication, click Configure to display the Configure Authentication dialog box.

  2. Specify the authentication port.

  3. Select a user source from the User Source drop-down list.

  4. Click Add to display the Add User Source Connections dialog box.

    Fill in the fields:

    Connection Name: (Optional) Specify all or part of the name for the connection to the LDAP directory, then click Filter to display the list of connections that match the criteria.

    If you have many connections in your ZENworks Management Zone, you can use the Connection Name field to display only those connections that match the criteria. For example, to display all connections that contain the word “London,” type London in the Connection Name field, then click Filter.

    Connection Address: (Optional) Specify part of the IP address or DNS hostname of the connection to the LDAP directory, then click Filter to display all connections with that IP address.

    If you have many connections in your ZENworks Management Zone, you can use the Connection Address field to display only those connections that match the criteria. For example, to search for and display all connections that have an IP address starting with 172, type 172 in the Connection Address field, then click Filter.

    User Source Connections: Select the check box next to the connection you want to add.

  5. Click OK to return to the Configure Authentication dialog box.

  6. (Optional) Reorder the connections in the User Source Connection list by selecting a connection’s check box, then clicking Move Up or Move Down.

    The device uses the connections in the order they are listed to authenticate the device to the ZENworks Management Zone.

  7. Click OK to return to the Add Satellite Server or Configure Satellite Server dialog box.

  8. Continue with Step 4.

NOTE:Any change made to an Authentication satellite server in the Zone will trigger a device refresh through the Quick Task feature. If the Authentication satellite is modified, it will cause all the Authentication satellite servers in the Zone to refresh. This may lead to the creation of excessive Quick Tasks, resulting in the clogging of database.

To prevent the creation of excessive Quick Tasks, you can configure the Quick Task refresh interval by editing the quicktask_trigger_interval field in the file named quicktask.properties. This file can be accessed from the following location:

  • On Windows: ZENworks_installation_path\novell\zenworks\conf\ quicktask

  • On Linux: /etc/opt/novell/zenworks/conf

By default, the Quick Task refresh interval value is set as 600 minutes (10 hours).If changes are made to the satellite server within the predefined refresh interval, a new Quick Task will not be created. The new changes will get reflected on the managed devices when the next system refresh is performed.