Using Fiorano NTRealm avoids defining Users and Groups on FioranoMQ. Windows NT Security realm of FioranoMQ uses account information defined for a Windows NT domain, to authenticate Users and Groups. FioranoMQ NTRealm provides authentication using the WindowsNT security domain controller.

Salient Features

Fiorano NT Realm requires the FioranoMQ Server to be run as a Windows administrative user, enabling it to read security-related data from the Windows NT Domain Controller. To use Fiorano NT Realm, FioranoMQ must be run on a computer in the Windows NT domain.

To manage User and Group information, the FioranoMQ Server must be able to make system calls on the Windows NT computer, where the FioranoMQ Server is running. In other words, FioranoMQ needs appropriate privileges to be able to communicate with the Primary Domain Controller to perform authentication.

NT Principal Manager, only users registered in Administrators group has rights to open/create Admin Connection. Other users can be given these rights by adding/registering them to the default Administrators group.

Limitations

• A Group can not have a Group as a member.
• Password for a user can not be changed using Fiorano NT Realm API. A password can be changed using the Windows NT Administration Tool, instead.

Note: These limitations relate to the NT implementation of realm.principal and can be over-ridden by using any other implementation of FioranoMQ Realm.

Troubleshooting

The most common configuration problem within Fiorano NT Realm is related to Windows NT policies and, specifically, with the user account that runs the FioranoMQ Server. The user account that runs

FioranoMQ Server requires special permissions to access the Windows NT domain. The steps for granting these permissions are available through the configuration instructions.

A frequently occurring problem concerns FioranoMQ Server's difficulty in loading the file fioranorealm.dll. If FioranoMQ is unable to load the fioranorealm.dll, it gives the following message: