My first question to you, is why do you want to change the DefaultAuth authentication domain?  It ultimately is just a text string that maps  credentials to SAS servers and databases.  What is your end goal here?

I see that you mentioned reference to LDAP.  Are you trying to ensure SAS uses LDAP for authentication?  If so, then the best practice would be to have your operating system authenticate to LDAP, and SAS will just leverage the o/s authentication (either via PAM or host based authentication).  

Please provide more details on what you are trying to achieve.

Hi,

I need to change the current host based auth to LDAP secured (LDAPS) auth. So if I create new LDAPS auth then I had to change defaultauth settings in SMC to direct to new LDAPS auth.

For this ,do I need to do it for all individual users-->change defaultauth settings or is there any other way to directly change the default settings for all users at one go instead of individual one.

Regards,

Namrata

Let the SAS host itself authenticate to LDAPS, and you don't need to change the authentication in SAS metadata.

Hi,

Can you pls brief me what you said as I did not get the content.

Also PFA doc created with the help from SAS support links shared related to LDAP config.

I am completely new to SAS and I need to change the current SAS host based authentication to LDAP secure authentication.

Regards,

Namrata

Set up the host operating system (or just the SAS users) to authenticate against LDAPS, and you will not have to make changes in the SAS metadata.

Hi,

Where do we check the available CA certificates in SAS servers? coz the SAS application which use Active Directory (AD) for authenticating users via the LDAPS have to be configured to trust the CA certificates for the Internal Root and Intermediate CA.

Regards,

Namrata

I'd encourage you to post specific questions like this as new community posts rather than adding to an existing thread - you'll get better visibility and most likely wider responses.

I assume this is SAS 9.4 and not SAS Viya?

To find out what CA certificates have been added to the SAS Trusted CA Bundle I use the method I posted at https://platformadmin.com/blogs/paul/2018/02/did-i-add-that-ca-certificate-to-the-sas-trusted-ca-bun...

However, unless you have good reasons to do otherwise, I would suggest following @Kurt_Bremser's advice and configuring the host operating system(s) for LDAPS auth (rather than the SAS metadata server directly). You mentioned earlier that you are completely new to SAS so I would recommend getting help from SAS Professional Services or a local SAS Partner with experience in this area - it will save you time and help ensure your SAS platform is well setup for success.

Hi Sir,

I am not making any changes on SAS metadata. Just that need to upgrade host based authentication to LDAP secured one (Direct LDAP).

I still did not get any valid responses. I have gone through SAS support docs for LDAP but still figuring out from where to start the changes.

OS- both 2007 & 2010

SAS version- 9.4

SAS softwares installed & used by users are:

1) SAS Enterprise Guide 7.1 (64 bit)

2) SAS Studio

3) SAS Management Console 9.4 (SMC for Admin only)

Regards,

Namrata

Then it's not a SAS issue anymore, but one of the operating system. Connecting a system to a LDAP source is one of the things a system administrator has to handle, so you should talk to her/him.

Yeah but here there is no 1 to do the same.I am d only one who got windows admin access to perform this activity.

Hence constantly I am asking the same qs how to go further to upgrade current host based auth to LDAPS (secured).

I got ppt from windows team related to LDAPS in which I got info like LDAP host, port no & base DN.

Also they mentioned whatever CA certificates (regarding apps that used AD to authenticate users via LDAPS have to be configured to trust the CA certificates) required has to be placed to that particular location (no idea where & how to place).

I got copies of those certificates.

But how do we check if my current SAS have already got this required certificates? 

---

@nambhanushali wrote:

Yeah but here there is no 1 to do the same.I am d only one who got windows admin access to perform this activity.

---

Then you should (and this is VERY obvious) also be the one with the necessary admin skills.

Would you step onto an airliner while knowing that the people in the cockpit have no clue about flying?

While system administration is considerably easier than flying an airliner, trying to do it without having acquired the necessary skills results in the same outcome: crash. The fact that computer crashes hurt less is the only consolation.

So you should attend the proper courses three days before yesterday, and go asking for in-depth information on the proper sites. This is the SAS community, not a Windows admin forum, so you won't find many Windows admin gurus here.

I (for instance) could only give you some AIX advice, and that's because I went through AIX Basic, AIX Admin and Advanced AIX Admin at IBM.