BookmarkSubscribeRSS Feed
kanikacoley
Calcite | Level 5

Can you configure SAS Viya SSO on linux without the linux server being joined to the domain? We are trying to setup our Linux SAS Viya Servers and we are running into an issue with the service accounts. Our platform does not allow for Linux server to be joined to the domain. My initial thought was that Kerberos would tie into a SAS Module but I am starting to believe that SAS does not have a module that will do that. Any ideas on what can be done to setup single sign on without the server being joined to the domain?

Thanks So Much!

7 REPLIES 7
alexal
SAS Employee

@kanikacoley ,

 

I have these questions for you:

 

  • Who will be starting the CAS server sessions? End users or the "cas" user?
  • Do you have the requirements to connect to Hadoop?
  • Maybe it's better for you to use SAML or OAuth? 
kanikacoley
Calcite | Level 5

Hi!

The CAS user will be starting the cas sessions. We are trying to keep end-users from having to have local server accounts

No there are no requirements for Hadoop. SAML and OAuth are not out the question, we are researching trying to find the best way without having the servers joined to the domain but there is some ambiguity as to why we have to join it to the domain.

 

Would you be able to explain to me why the CAS Active Directory User has to ssh into the cas server and why cant a local CAS server user could not do the same thing?

Thanks So Much!

alexal
SAS Employee

@kanikacoley ,

 

Would you be able to explain to me why the CAS Active Directory User has to ssh into the cas server and why cant a local CAS server user could not do the same thing?

What did you mean? Where did you create the "cas" user? In the Active Directory or in /etc/passwd file on each node?

kanikacoley
Calcite | Level 5

I created it in Active Directory but Our servers are not joined to the domain so the Active Directory user cannot authenticate via ssh to the Linux server.

 

I also have a cas user in the /etc/passwd file on each node which I'm hoping we can use in place of the Active Directory cas user.

alexal
SAS Employee

@kanikacoley ,

 

So right now you are using a local "cas" user in order to start the CAS server sessions?

kanikacoley
Calcite | Level 5

We haven't actually installed Viya yet we are doing the prep work. In the guide I am using it is said that the CAS active directory user will run the cas server but we prefer to use the local cas user in the /etc/passwd file. I cannot find any documentation saying is if this is possible.

alexal
SAS Employee

@kanikacoley ,

In the guide I am using it is said that the CAS active directory user will run the cas server but we prefer to use the local cas user in the /etc/passwd file.

What guide is that? Official SAS Viya Deployment Guide or something else? Everything depends on what will you specify in the vars.yml file. You cannot use a user from the Active Directory for invoking a process on a Linux machine without connecting that machine to the Active Directory, so you have to specify a local user in the vars.yml file.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • 1129 views
  • 0 likes
  • 2 in conversation