立即与支持人员聊天
与支持团队交流

Safeguard Authentication Services 5.1.1 - Evaluation Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Installing and configuring Safeguard Authentication Services Getting started with Safeguard Authentication Services

Network requirements

Safeguard Authentication Services must be able to communicate with Active Directory, including domain controllers, global catalogs, and DNS servers using Kerberos, LDAP, and DNS protocols. The following table summarizes the network ports that must be open and their function.

Table 8: Network ports
Port Function
389 Used for LDAP searches against Active Directory Domain Controllers. TCP is normally used, but UDP is used when detecting Active Directory site membership.
3268 Used for LDAP searches against Active Directory Global Catalogs. TCP is always used when searching against the Global Catalog.
88 Used for Kerberos authentication and Kerberos service ticket requests against Active Directory Domain Controllers. TCP is used by default.
464 Used for changing and setting passwords against Active Directory using the Kerberos change password protocol. Safeguard Authentication Services always uses TCP for password operations.
53 Used for DNS. Since Safeguard Authentication Services uses DNS to locate domain controllers, DNS servers used by the Unix hosts must serve Active Directory DNS SRV records. Both UDP and TCP are used.
123 UDP only. Used for time-synchronization with Active Directory.
445 CIFS port used to enable the client to retrieve configured group policy.

Note: Safeguard Authentication Services, by default, operates as a client, initiating connections. It does not require any firewall exceptions for incoming traffic.

Installing and configuring Safeguard Authentication Services

To extend the authentication, authorization, and administration infrastructure of Active Directory to the rest of your enterprise, allowing Unix, Linux, and macOS systems to act as full citizens within Active Directory, you must install and configure Safeguard Authentication Services:

  1. Install Safeguard Authentication Services Windows components.
  2. Configure Active Directory for Safeguard Authentication Services (one time only).
  3. Configure Unix Agent Components
    1. Prepare the Unix hosts for Active Directory user access:
      • Add and profile a host.
      • Check the host for readiness to join Active Directory.
      • Install Safeguard Authentication Services agent software packages on the host to allow Active Directory user access.

        Note: For users to authenticate on Unix, Linux, and macOS hosts with Active Directory credentials, your Unix hosts must have the Safeguard Authentication Services agent installed.

      • Join the host to Active Directory.

Install Safeguard Authentication Services Windows components

One Identity recommends that you install the Windows components and configure Active Directory before you install the Unix components.

Related Topics

Installing Windows components

Customizing installation options

Installing using msiexec.exe

Installing Windows components

Install Safeguard Authentication Services on each Windows Workstation you plan to use to administer Unix data in Active Directory.

To install the Safeguard Authentication Services Windows components

  1. From the Autorun Setup tab, click Safeguard Authentication Services to launch the setup wizard.
  2. In the Software License Agreement dialog, accept the terms of the End User License Agreement and click Install.

    The Safeguard Authentication Services Setup wizard installs all Safeguard Authentication Services components by default.

    To only install specific components, click the Customize installation options link. For more information, see Customize Installation Options in the Safeguard Authentication Services Installation Guide.

  3. Once the installation completes successfully, click Finish or Launch Control Center.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级