The Build Forge agent initially starts with Windows system account
credentials. To run commands, the agent later authenticates with
Windows using Build Forge server authentication credentials.
The server authentication credentials are accepted for local commands
but might fail for some commands that the agent must run on external,
networked shared drives. For example, to modify files in a ClearCase
dynamic view, the agent must access ClearCase files on a network shared
drive.
The commands fail because the external file system ignores the
agent server authentication credentials; it recognizes only the agent's
initial system account credentials.
If you experience problems running commands on a network shared
drive, try the following actions:
- Run commands using server authentication credentials
- To run commands using a Build Forge server authentication credentials
with access to network shares, add the win_reexec_after_auth setting
to the BFagent.conf file.
- If you want to use Build Forge server authentication credentials
to establish access to a network share, adding this setting is prerequisite.
- The win_reexec_after_auth setting causes the agent to start a
new process after authenticating with Windows. The new process forces
the shared file system to recognize that the agent changed the user
credentials.
- When win_reexec_after_auth is set, the agent runs as a service
and does not distinguish between commands that access network shares
and those that do not, so you might notice a performance impact.
- Run the agent in single user mode
- During agent installation, set up the agent to run commands in
single user mode without Build Forge server authentication credentials.
Select the Install User Mode Agent option.
- If the specified user is a member of the Administrator group,
then the user's credentials must be specified using server authentication
credentials.
- If the user is not an administrator, then use the magic_login
setting in BFagent.conf to prevent unauthorized access to the agent.
- When you log on to the Management Console, the agent starts up
and runs as the user name you provide, which immediately authorizes
access to the network shares using that user's credentials.
- Run the agent as a service with a dedicated user account
- Set up the agent to run as a Windows service with a dedicated
user account. This option restricts you to running the agent as a
single user account, but does not require the agent to start a new
process to re-authenticate, so performance is not affected.
To run
the agent as a service with a dedicated user account:
- On the Build Forge server, click to
open the Windows Control panel. The list of services opens.
- Open the service for the IBM Rational Build Forge Agent.
- Provide the user account information for the user you want to
run agent commands. For example, provide information for the ClearCase
admin user or other user with access to ClearCase dynamic views and
VOBs.