Page 1 of 1
dsjob command without passing password - Active Directory
Posted: Tue Dec 30, 2014 3:17 pm
by nvalia
Hi All,
I am trying to execute a job from a script using dsjob and it works fine when I a pass the password (project name and job name are passed as params)
dsjob -domain domain -server S1 -user userval -password pass -run -mode NORMAL -warn 1 -wait $PROJECT_NAME $JOB_NAME
We have Active Directory Integration (No Credential Mappings) so I was trying to run this without passing a password but it does not run.
dsjob -domain domain -server S1 -user userval -run -mode NORMAL -warn 1 -wait $PROJECT_NAME $JOB_NAME
So will I always need to pass a password (I know we can use a Credentials File too) or is there a different way to do this?
Thanks,
NV
Posted: Tue Dec 30, 2014 3:29 pm
by PaulVL
Are you logged in as that "userval" id when executing dsjob?
Posted: Tue Dec 30, 2014 4:07 pm
by nvalia
No I was not.
It is running now. Thanks Paul :(
Posted: Tue Dec 30, 2014 4:14 pm
by nvalia
Sorry..I ran the command with the password in it so it worked!
After logging in as the same user as used in the script (userval) , it is not running.
On the command prompt, it is asking for password to be typed in
Posted: Tue Dec 30, 2014 7:36 pm
by qt_ky
I think you cannot provide the -user argument only unless you also provide the -password argument. Try it with both arguments and also try it without either argument, as the user under which it will execute.
There is a -domain NONE option and alternative setting you could try; I'm not sure if those options work with Active Directory integration or not. See this topic:
viewtopic.php?t=145294
To improve security, you can encrypt the credentials into a file and use the -authfile argument.
Posted: Wed Dec 31, 2014 10:04 am
by nvalia
Not using both the user and password also does not work and it prompts for both to be entered at execution from command line
The -Domain NONE did not work either, may be due to Active Directory Integration. Get this Error
ERROR: Failed to open project
Last recorded error message =
java.rmi.RemoteException: None; nested exception is:
java.net.UnknownHostException: None
Status code = -1010 DSJE_DOMAINLOGTOFAILED
[1] + Done(134) fi
7432 Abort C:/IBM/INFORMATIONSERVER/SERVER/DSEngine/bin/dsjob
dsjob run command Status= 134
Posted: Wed Dec 31, 2014 11:14 am
by PaulVL
I agree with Eric, I believe that using the auth file is a much better security approach.
Is there any reason you do not wish to have your environment use the encrypted password in the auth file?
Production Service IDs should typically be set up with non expiring passwords, but your shop could have different rules.
Posted: Wed Dec 31, 2014 11:39 am
by nvalia
Using Authentication File is an option that I will end up using if nothing else works here.
So In this case will I have do Credential Mapping for the Service Id in the Information Server even though we have AD?
Also does this mean when we use dsjob we cannot leverage the Active Directory Integration?
Posted: Wed Dec 31, 2014 12:18 pm
by chulett
Why not check with Support, see what the official answer is?
Posted: Wed Jan 07, 2015 8:42 am
by nvalia
It does not work if use Domain None but the solution to this is to NOT PASS the Domain, User and Password to the dsjob command and it will use the credentials of the logged in user irrespective of type of Authentication, Credential mappings or LDAP