Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

Safeguard Authentication Services 5.1 - Installation Guide

Table of Contents

Privileged Access Suite for Unix

About this guide

Introducing One Identity Safeguard Authentication Services

About licenses System requirements

Windows and cloud requirements

Windows components Windows permissions

Unix agent requirements

Unix components Permissions matrix Encryption types

Network requirements

Installing and configuring Safeguard Authentication Services

Install Safeguard Authentication Services Windows components

Installing Windows components Customizing installation options Installing using msiexec.exe

Configure Active Directory

Configuring Active Directory

About Active Directory configuration Join the host to AD without the Safeguard Authentication Services application configuration Version 3 Compatibility Mode

Installing and joining from the Unix command line

Verifying package signature The pre-installation diagnostic tool

Running preflight

The install script

Installing the Safeguard Authentication Services agent Installation script options

Licensing Safeguard Authentication Services

Verifying license information Installing licenses from the command line

Creating the application configuration from the Unix command line

Changing the schema configuration mode

Joining the domain

Joining the domain using VASTOOL Joining the domain using VASJOIN script Dynamic DNS update tool

Getting started with Safeguard Authentication Services

Getting acquainted with the Control Center

Filtering the list of GPOs Editing a GPO Generating a settings report Showing files Launching GPMC

Tools Preferences

Adding licenses using the Control Center

Display specifiers

Registering display specifiers Unregistering display specifiers Display specifier registration tables

Global Unix Options Logging Options

Enabling debug logging on Windows

Schema Attributes

Unix Attributes

Active Directory schema extensions Configuring a custom schema mapping Active Directory optimization

Use Safeguard Authentication Services PowerShell

Unix-enabling a user and user group (PowerShell Console) PowerShell cmdlets

Change Auditor for Authentication Services

Installing Change Auditor for Authentication Services

Installing Defender

Troubleshooting

Getting help from technical support Disaster recovery Long startup delays on Windows Pointer Record updates are rejected Resolving DNS problems Resolving preflight failures Time synchronization problems Unable to install or upgrade Unable to join the domain Unable to log in vasypd has unsatisfied dependencies

Enterprise package deployment

Installing the agent package Agent upgrade commands

Restarting services

Uninstalling the agent packages Oracle Solaris 10 zones/containers support

Safeguard Authentication Services and Oracle Solaris 10 Zones installation guidelines

Safeguard Authentication Services and Oracle Solaris 10 Zones installation guidelines

Enterprise package deployment > Oracle Solaris 10 zones/containers support > Safeguard Authentication Services and Oracle Solaris 10 Zones installation guidelines

To install Safeguard Authentication Services in a Oracle Solaris 10 Zones configuration

In Oracle Solaris 10 Zones, only the global zone is permitted to do time synchronization. Therefore, if you want to run Safeguard Authentication Services in any Oracle Solaris Zone configuration, you must timesync the Global Zone with Active Directory. Time synchronization is a requirement of the Kerberos protocol and since Safeguard Authentication Services is built on Kerberos, Safeguard Authentication Services also has this requirement.
The same version of Safeguard Authentication Services should be installed in any combination of global, whole root, and sparse root zone configurations.
To disable time synchronization for Safeguard Authentication Services on the sparse zone, run the below command:
```
vastool configure vas vasd timesync-interval 0
```
The following symlinks must exist in the global zone in order for the sparse zones to work correctly:
- /usr/lib/security/pam_vas3.so | /opt/quest/usr/lib/security/pam_vas3.so
- /usr/lib/security/sparcv9/pam_vas3.so | /opt/quest/usr/lib/security/sparcv9/pam_vas3.so
If /usr is shared, you need the following symlinks in the global zone pointing to counterpart files in /opt/quest/lib:
- /usr/lib/nss_vas4.so.1 | /opt/quest/lib/nss/nss_vas4.so.1
- /usr/lib/security/pam_vas3.so | /opt/quest/usr/lib/security/pam_vas3.so
In such a scenario, you do not need Safeguard Authentication Services joined to a domain in the global zone in order for sparse zones to work, but the symlinks must exist.

Each zone must have its own unique copy of /etc and /var because Safeguard Authentication Services stores zone-specific information in those locations. Sharing /etc and /var with the global zone is not a supported configuration.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Termini di utilizzo Privacy Cookie Preference Center