Chatee ahora con Soporte
Chat con el soporte

Safeguard Authentication Services 5.1 - Installation Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Installing and configuring Safeguard Authentication Services Installing and joining from the Unix command line Getting started with Safeguard Authentication Services Troubleshooting Enterprise package deployment

Unable to log in

If you are unable to log in as an Active Directory user after installing, check the following:

  1. Log in as root on the Unix host.
  2. Check the status of the Safeguard Authentication Services subsystems. To do this, run the following command:
    vastool status

    Correct any errors reported by the status command, then try logging in again.

  3. Ensure the user exists locally and is allowed to log in. To check this, run the following command:
    vastool user checklogin <username> 

    The output displays whether the user is a known Active Directory user. If not, you may need to map the user to an Active Directory account or Unix-enable the Active Directory account. If the user is known, an access control rule may prevent them from logging in. The output of the command displays which access control rules are in effect for the user.

You may need to restart window managers such as gdm in order for the window manager to reload NSS modules. Until the window manager reloads the NSS configuration, you will be unable to log in with an Active Directory user. Other services such as cron may also be affected by NSS changes. If you are unsure which services need to be reloaded, reboot the system.

Note:

If you are configuring Safeguard Authentication Services on VMwareESX Server vSphere (ESX 4.0) the reason you can not log in may be related to access control issues. See Configuring Access Control on ESX 4 in the Safeguard Authentication Services Administration Guide.

vasypd has unsatisfied dependencies

If you receive the following error message while installing the Safeguard Authentication Services vasypd Unix component, the rpcbind service may not be enabled.

svcadm: Instance "svc:/quest/vas/vasypd:default" has unsatisfied dependencies.
Error 4 starting vasypd

To enable the rpcbind service

  1. Check the dependencies of vasypd:
    # svcs -d quest/vas/vasypd
    STATE          STIME    FMRI
    disabled       Sep_14   svc:/network/rpc/bind:default
    online         Sep_14   svc:/milestone/single-user:default
    online         Sep_14   svc:/system/filesystem/local:default
    
  2. If rpcbind is disabled, run this command to enable it:
    # /usr/sbin/svcadm enable -s /network/rpc/bind
  3. Run the following command to start vasypd:
    # /etc/init.d/vasypd start

yp-tools dependency is not available from rpm package manager

  1. Enable Extra Packages for Enterprise Linux (EPEL).

  2. Install Development Tools on RHEL, CentOS, Fedora, Scientific or Red Hat Enterprise Linux.

  3. Install nsl library, ti-rpc and rpcbind yum install libnsl2-devel libtirpc-devel rpcbind.

  4. Get the yp-tools source codes from Github.com/thkuk

    https://github.com/thkukuk

    https://www.thkukuk.de/nis/nis/

    The required repositories are:

    • yp-tools

    • ypbind-mt

    The repositories contain an INSTALL helper guide.

  5. Create a systemd service file for ybind-mt.

Enterprise package deployment

This section details how to install, upgrade, and uninstall the Safeguard Authentication Services agent on supported platforms in an enterprise environment using platform package management tools.

Installing the agent package

To install the Safeguard Authentication Services agent package

  1. Log in and open a root shell.
  2. Mount the installation ISO and run the appropriate command.

    See Additional configuration information that follows the table.

    Table 29: Authentication Services: Agent commands
    Platform Command

    Linux x86 - RPM

    # rpm -Uhv /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.rpm

    Linux x64 - RPM

    # rpm -Uhv /<mount>/client/linux-x86_64/vasclnt-<version>-<build>.x86_64.rpm

    Linux x86 - DEB

    # dpkg -i /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.deb

    Linux x64 - DEB

    # dpkg -i /<mount>/client/linux-x86_64/vasclnt-<version>-<build>_amd64.deb

    Linux s390

    # rpm -Uhv /<mount>/client/linux-s390/vasclnt-<version>-<build>.s390.rpm

    Linux s390x

    # rpm -Uhv /<mount>/client/linux-s390x/vasclnt-<version>-<build>.s390x.rpm

    SLES 11, 12, and 15 PPC

    # rpm -Uhv /<mount>/client/linux-glibc23-ppc64/vasclnt-glibc23-<version>-<build>.ppc64.rpm

    Oracle Solaris 10 and 11 x64

    # pkgadd -d /<mount>/client/solaris10-x64/vasclnt_SunOS_5.10_i386-<version>-<build>.pkg vasclnt

    Oracle Solaris 10 and 11 SPARC

    # pkgadd -d /<mount>/client/solaris10-sparc/vasclnt_SunOS_5.8_sparc-<version>-<build>.pkg vasclnt

    HP-UX PA-RISC 11i v3 (B.11.31)

    # swinstall -s /<mount>/client/hpux-pa-11v1/vasclnt_hpux-11.11-<version>-<build>.depot vasclnt

    HP-UX IA64 11i v3 (B.11.31)

    # swinstall -s /<mount>/client/hpux-ia64/vasclnt_ia64-<version>-<build>.depot vasclnt

    AIX 7.1 and 7.2

    # installp -acXd /<mount>/client/aix-71/vasclnt.AIX_5.3.<version>-<build>.bff all

    Mac OS X

    /usr/sbin/installer -pkg '/<mount>/VAS.mpkg/Contents/Packages/vasclnt.pkg' -target /

    FreeBSD 10 and 11

    pkg /<mount>/client/freebsd-x86_64/vasclnt-<build>.txz

    Amazon Linux AMI

    # rpm - Uhv /<mount>/client/linux-x86_64/vasclnt-<build>.x86_64.rpm

Additional configuration information:
  • To enable Safeguard Authentication Services authentication for all services, you must restart all services that require Safeguard Authentication Services authentication or restart the system.
  • Linux - RPM: The x86_64 Safeguard Authentication Services rpm contains 64-bit and 32-bit libraries, and has an RPM dependency on both the 32-bit libpam library and the 64-bit libpam library. If the 64-bit Linux operating system on which you are installing Safeguard Authentication Services does not have any 32-bit supporting libraries installed, use the -- nodeps RPM flag to force the installation and avoid error messages about missing dependencies.
  • Oracle Solaris: For information on Oracle Solaris 10 Zones support and installation, see Oracle Solaris 10 zones/containers support.

    In certain situations, pkgadd requests additional information. Respond appropriately for your system configuration. Initialization scripts that are part of the vasclnt package run during installation to help configure the system.

    To install the Safeguard Authentication Servicesvasypd Unix component on Oracle Solaris 10, you must have the rpcbind service enabled on the host. See vasypd has unsatisfied dependencies for more information.

  • HP-UX: Safeguard Authentication Services requires that the Unixhost system clock be synchronized with the Active Directory server’s system clock. By default, HP-UX uses xntpd for time services. To properly synchronize the system clocks either configure xntpd to sync with a Domain Controller, or disable xntpd to allow Safeguard Authentication Services to synchronize the system time.Consult the xntpd documentation for information on disabling xntpd and configuring xntpd.

    You must reboot the HP-UX machine to ensure that all of the new files are installed.HP-UX does not allow you to overwrite files that are in use—this is done as part of the boot sequence.

  • macOS: To install from the command line, you must first mount the Safeguard Authentication Services DMG image file. On macOS enter:
    hdiutil attach <media>/client/macos-106/VAS-<version>.dmg
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación