17.10 - Creating an Active Directory User for Each Node and Unity Server - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

Create an Active Directory user for each Teradata Vantage node and each Unity server you added to DNS in Adding a Database Node or Unity Server to the Windows DNS. This step is required to determine the Service Principal Name (SPN).

The Active Directory user for each database node and Unity server must have a password. Teradata recommends that you use a strong password. If site security policy allows it, you can use the same password for all node and Unity server users.
  1. On the Active Directory server, click on Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. Right-click the OU where the user is to be created.
  3. Click on New > User.
  4. In the dialog box, enter the name of the node or Unity server for both User logon name and First name. Use the names assigned in step 4 of Creating a Computer Component for Database Nodes and Unity Server, for example: tdatsysa1-1.
  5. Click Next.
  6. Enter a password and reenter it to confirm.
  7. If site policy allows it, check the Password never expires box. Otherwise, check User cannot change password.
  8. Click Next.
  9. Repeat this procedure for each node of each Teradata Vantage system and each Unity server that is served by the KDC.
If you change the passwords for the users you created, for example, because password change is required by site security policy, you must also:
  1. Regenerate the keys. See Running ktpass to Create the Kerberos Keys.
  2. Re-install them on the nodes, and on Unity servers, if used. See Installing the Kerberos Keys.
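
The user-creation procedure above can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not Teradata-supplied code; the OU path, UPN suffix and every node name other than tdatsysa1-1 are constructed placeholders to replace with site values.

```powershell
# Added example: create one AD user per database node / Unity server.
# Requires the ActiveDirectory module (RSAT) and rights to create users in the OU.
Import-Module ActiveDirectory

# Assumptions (constructed placeholders, replace with site values).
$OuPath    = 'OU=TeradataNodes,DC=example,DC=com'
$UpnSuffix = 'example.com'
$NodeNames = @('tdatsysa1-1', 'tdatsysa1-2', 'unity1')

# Step 7 choice: $true  = "Password never expires" (only if site policy allows it),
#                $false = "User cannot change password".
$NeverExpires = $false

# Prompt instead of hardcoding, so the password never lands in the script or history.
# One shared password is used here; prompt per node if site policy forbids sharing.
$Password = Read-Host -AsSecureString -Prompt 'Password for node/Unity users'

foreach ($Node in $NodeNames) {
    # The pre-Windows 2000 logon name (sAMAccountName) is limited to 20 characters.
    if ($Node.Length -gt 20) {
        Write-Warning "$Node is longer than 20 characters; skipped."
        continue
    }
    # Do not overwrite an existing account: its keys may already be installed.
    if (Get-ADUser -Filter "SamAccountName -eq '$Node'") {
        Write-Warning "$Node already exists; skipped."
        continue
    }
    $Params = @{
        Name                 = $Node                      # display/common name
        GivenName            = $Node                      # "First name" in step 4
        SamAccountName       = $Node                      # "User logon name" in step 4
        UserPrincipalName    = "${Node}@${UpnSuffix}"
        Path                 = $OuPath                    # OU chosen in step 2
        AccountPassword      = $Password                  # step 6
        Enabled              = $true
        PasswordNeverExpires = $NeverExpires              # step 7, first option
        CannotChangePassword = (-not $NeverExpires)       # step 7, fallback option
    }
    New-ADUser @Params

    # Read the account back to confirm the flags that were actually applied.
    Get-ADUser -Identity $Node -Properties PasswordNeverExpires, CannotChangePassword |
        Select-Object SamAccountName, Enabled, PasswordNeverExpires, CannotChangePassword
}
```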