We're currently trying to set up SAS Studio Basic 3.71 in AWS to authenticate against our Active Directory setup.
Looking at the documentation in <SASHome>/SASFoundation/9.4/utilities/bin/sasauth.conf, there are three ways to authenticate a user (BIND, MATCH, or QUERY). We decided to go with the MATCH or QUERY methods for authentication. However, we've run into a few errors with both methods.
With MATCH, it seems that the user is found, but SAS runs into an issue with getting the encrypted password.
With BIND, we're getting an operations error. It looks like our DN query failed, but I'm not getting any other information from the debug logs.
I had the following questions:
I can provide more details and logs, but I think my last post was marked as spam for being too long.
Thanks again!
Hello @darwinwalters,
The solution to this answer is more than 50% non-SAS related.
In your case, I would first revert all the changes. Afterwards, I would join that machine to the Active Directory (realm or any other method). You will need an AD admin, because it requires the password of the admin.
Once it is done, please test if a user can actually log in to the machine by SSH. At this stage, the host itself will be able to authenticate against active directory. So, most of your work is done, just one easy bit is left.
Only then, you can share the created PAM authentication with SAS Foundation http://support.sas.com/kb/49/432.html and test in SAS Foundation and SAS Studio Basic, if it can authenticate. It should be possible, since the host itself should be able to authenticate.
This should be enough, please let us know if it works for you.
This might help you as well: http://support.sas.com/documentation/installcenter/en/ikfdtnunxcg/66380/PDF/default/config.pdf?local...
Kind regards,
Juan
Hey @JuanS_OCS,
Thanks for the answer! I just wanted to clarify that our EC2 instance is running Linux. Rather than joining our instance to Active Directory, we're just trying to bind with a service account. This account is used to look up users in our domain and authenticate them.
If we are just binding using this service account, we shouldn't need an admin account, right? The service account is also being used for LDAP authentication for other applications running in our AWS account.