The Rational® Build Agent
initially starts with Windows® system
account credentials. To run commands, the agent later authenticates
with Windows using Rational Build Agent server
authentication credentials.
The server authentication credentials are accepted for local commands
but might fail for some commands that the agent must run on external,
networked shared drives. For example, to modify files in a ClearCase® dynamic view, the
agent must access ClearCase files
on a network shared drive.
The commands fail because the external file system ignores the
agent server authentication credentials; it recognizes only the agent's
initial system account credentials.
If you experience problems running commands on a network shared
drive, try the following actions:
- Run commands using server authentication credentials.
- To run commands using a Rational Build
Agent server authentication credentials with access to network shares,
add the win_reexec_after_auth setting to the BFagent.conf file.
- If you want to use Rational Build
Agent server authentication credentials to establish access to a network
share, adding this setting is prerequisite.
- The win_reexec_after_auth setting causes the agent to start a
new process after authenticating with Windows. The new process forces the shared
file system to recognize that the agent changed the user credentials.
- When win_reexec_after_auth is set, the agent runs as a service
and does not distinguish between commands that access network shares
and those that do not, so you might notice a performance impact.
- Run the agent in single user mode
- During agent installation, set up the agent to run commands in
single user mode without Rational Build
Agent server authentication credentials. Select the Install
User Mode Agent option.
- If the specified user is a member of the Administrator group,
then the user's credentials must be specified using server authentication
credentials.
- If the user is not an administrator, then use the magic_login
setting in BFagent.conf to prevent unauthorized access to the agent.
- The agent starts up and runs as the user name you provide, which
immediately authorizes access to the network shares using that user's
credentials.
- Run the agent as a service with a dedicated user account
- Set up the agent to run as a Windows service
with a dedicated user account. This option restricts you to running
the agent as a single user account, but does not require the agent
to start a new process to re-authenticate, so performance is not affected.
To
run the agent as a service with a dedicated user account:
- On the Rational Build
Agent server, click to open the Windows Control panel. The list of services
opens.
- Open the service for the IBM® Rational Build Agent.
- Provide the user account information for the user you want to
run agent commands. For example, provide information for the ClearCase admin user or other
user with access to ClearCase dynamic
views and VOBs).