Saturday, November 17, 2012

BES - enable http auth

Because the BlackBerry browser uses the BES server to render pages, the default user for integrated authentication is always "besadmin".
To let users authenticate as themselves, we must enable authentication support on the MDS. Follow KB15642 on the BlackBerry site, or just use the steps below.

For BlackBerry Enterprise Server 4.1:
    1. In BlackBerry Manager, select <BlackBerry_Enterprise_Server_name>_MDS-CS_1.
    2. Click Edit Properties.
    3. In the Properties window, click HTTP.
    4. Under Authentication, set Support HTTP Authentication to True.

For BlackBerry Enterprise Server 5.0:
    1. Open the BlackBerry Administration Service.
    2. Expand the BlackBerry Solution topology.
    3. Expand the component view.
    4. Select MDS connection service.
    5. Select the HTTP tab.
    6. Set authentication support enabled to yes.
    7. If you change this configuration, you will need to restart the BlackBerry MDS service in the Windows Services window.

Configure the MDSLogin.conf file to include your domain name. This will populate the domain field for the BlackBerry smartphone user when they are prompted for credentials on their BlackBerry smartphone. Complete the following steps:

1. On the BlackBerry Enterprise Server, go to C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\servername\config.
2. Open the MDSLogin.conf file in a text editor.
3. Edit the MDS_Default section by replacing COMPANY.COM with your domain name.

Note: If the domain name starts with a number, surround the domain name with quotes ("").

4. If you wish to force a particular authentication type, you can change the relevant optional entry to required.

Save and close the file.
 
Configure the krb5.conf file to include details relevant to your specific Microsoft Active Directory environment as follows:

On the BlackBerry Enterprise Server, navigate to C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\servername\config.

1. Open and edit the krb5.conf file in a text editor.

The default sections and entries contained within this file are as follows:

    [libdefaults]
    default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
    default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc
    [realms]
    # change COMPANY.COM to your Kerberos realm
    # change KDC:88 to the hostname:port of KDC
    COMPANY.COM = {
    kdc = your_kdc.your_domain.com:88
    }

2. Replace the COMPANY.COM entry under the [realms] section with your domain name. Ensure this entry is in UPPER case.
3. Enter the Fully Qualified Domain Name (FQDN) of the KDC within your Microsoft Active Directory environment and the port number (if changed from the default of 88). Ensure host names and domain names are in lower case.
4. Restart the BlackBerry MDS Connection Server service in Windows Services.
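
Added example (not part of the original post or of any BlackBerry tooling): a small Python check for the krb5.conf edits in steps 2 and 3 above. It also flags the default des-cbc-md5 / des-cbc-crc entries, because single-DES Kerberos encryption types are deprecated by RFC 6649. The sample file, Example.com and Dc01.example.com are constructed values, and check_krb5_conf is a hypothetical helper name.

```python
import re

# Constructed sample: the default file from the post with a realm filled in
# incorrectly (Example.com and Dc01.example.com are made-up values).
SAMPLE = """\
[libdefaults]
default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc
[realms]
# change COMPANY.COM to your Kerberos realm
Example.com = {
kdc = Dc01.example.com:88
}
"""

WEAK_ENCTYPES = {"des-cbc-md5", "des-cbc-crc"}  # single DES, deprecated by RFC 6649


def check_krb5_conf(text):
    """Return findings for the krb5.conf rules stated in the post."""
    findings, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";")[0].strip()  # drop trailing "; or ..." remarks
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        value = value.rstrip("}").strip()  # tolerate a brace glued to the value
        if section == "libdefaults" and key.endswith("_enctypes"):
            for enc in value.replace(",", " ").split():
                if enc in WEAK_ENCTYPES:
                    findings.append(f"line {n}: {key} uses single-DES type {enc}")
        elif section == "realms" and value.startswith("{"):
            if key == "COMPANY.COM":
                findings.append(f"line {n}: placeholder realm COMPANY.COM not replaced")
            elif key != key.upper():
                findings.append(f"line {n}: realm {key} must be upper case")
        elif section == "realms" and key == "kdc":
            host, _, port = value.partition(":")
            if host.startswith("your_kdc"):
                findings.append(f"line {n}: placeholder KDC {host} not replaced")
            if host != host.lower():
                findings.append(f"line {n}: KDC host {host} must be lower case")
            if "." not in host or (port and not port.isdigit()):
                findings.append(f"line {n}: KDC must be FQDN[:port], got {value}")
    return findings
```

Running check_krb5_conf(SAMPLE) reports the two DES lines, the mixed-case realm and the mixed-case KDC host.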
