Once you have installed and configured the primary policy server, you are ready to install a PM Agent on a remote host.
Once you have installed and configured the primary policy server, you are ready to install a PM Agent on a remote host.
To check a PM Agent host for installation readiness
Log on to the remote host system as the root user and navigate to the files you extracted on the primary policy server.
From the root directory, run a readiness check to verify the host meets the requirements for installing and using the PM Agent, by running:
# sh preflight.sh --pmpolicy --policyserver <primary_policy_server>
where <primary_policy_server> is the hostname of the primary policy server.
Running preflight.sh --pmpolicy performs these tests:
Basic Network Conditions:
Hostname is configured
Hostname can be resolved
Reverse lookup returns it own IP
Privilege Manager for Unix Client Network Requirements
PM Agent port is available (TCP/IP port 12346)
Tunnel port is available (TCP/IP port 12347)
Policy Server Connectivity
Hostname of policy server can be resolved
Can ping the policy server
Can make a connection to policy server
Policy server is eligible for a join
Policy server can make a connection to the PM Agent on port 12346
Resolve any reported issues and rerun pmpreflight until all tests pass.
To install an agent on a remote host
Log on as the root user.
Change to the directory containing the qpm-agent package for your specific platform. For example, on a 64-bit Red Hat Linux, enter:
# cd agent/linux-x86_64
Run the platform-specific installer. For example, on Red Hat Linux run:
# rpm --install qpm-agent-*.rpm
Once you install the Privilege Manager for Unix agent package, the next task is to join the agent to the policy server.
Once you have installed a Privilege Manager for Unix agent on a remote host you are ready to join it to the primary policy server.
To join a PM Agent to the primary policy server
From the command line of the remote host, run:
# /opt/quest/sbin/pmjoin <primary_policy_server>.example.com
where <primary_policy_server> is the name of the primary policy server host.
If you are not running the pmjoin command on a policy server, it requires that you specify the name of a policy server within a policy group.
The pmjoin command supports many command line options. For more details, see pmjoin or run pmjoin with the -h option to display the help.
When you run pmjoin with no options, the configuration script automatically configures the agent with default settings. For details about the default and alternate agent configuration settings, see Agent configuration settings.
You can modify the /etc/opt/quest/qpm4u/pm.settings file later, if you want to change one of the settings. For more details, see PM settings variables.
When you run pmjoin with the -i (interactive) option, the configuration script gathers information from you by asking you a series of questions. During this interview, you are allowed to either accept a default setting or set an alternate setting.
Once you have completed the configuration script interview, it configures the agent and joins it to the policy server.
Running pmjoin performs the configuration of the Privilege Manager for Unix agent, including modifying the pm.settings file and starting up the pmserviced daemon.
When you run pmjoin for the first time, it asks you to read and accept the End User License Agreement (EULA).
Once you complete the agent configuration script (by running the pmjoin command), it:
Enables the pmlocald service
Updates the pm.settings file
Creates wrappers for the installed shells
Updates /etc/shells
Reloads the pmserviced configuration
Checks the connection to the policy server host
To verify that the agent installation has been successful, run
# pmclientinfo
This returns displays configuration information about a client host. For more details, see pmclientinfo.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center