One Identity recommends that you install One Identity Management Console for Unix, a separate One Identity product which provides a mangement console that is a powerful and easy-to-use tool that dramatically simplifies deployment of Authentication Services agents to your clients. The mangement console streamlines the overall management of your Unix, Linux, and Mac OS X hosts by enabling centralized management of local Unix users and groups and providing granular reports on key data and attributes.
Prior to installing Management Console for Unix, ensure your system meets the minimum hardware and software requirements for your platform.
|Supported Windows Platforms||
Can be installed on 32-bit or 64-bit editions of the following configurations:
You can install Management Console for Unix on any platform that has 32-bit Sun JRE (Java Runtime Environment) 1.6.
|Managed Host Requirements||
Click here to view a list of supported Unix, Linux, and Mac OS X platforms that the server can manage; that is, hosts you can add and profile from the mangement console.
|Default memory requirement:||
|Supported Web Browsers||
The mangement console officially supports the following web browsers:
Authentication Services must be able to communicate with Active Directory including domain controllers, global catalogs and DNS servers using Kerberos, LDAP and DNS protocols. The following table summarizes the network ports that must be open and their function.
|389||Used for LDAP searches against Active Directory Domain Controllers. TCP is normally used, but UDP is used when detecting the Active Directory site membership.|
|3268||Used for LDAP searches against Active Directory Global Catalogs. TCP is always used when searching against the Global Catalog.|
|88||Used for Kerberos authentication and Kerberos service ticket requests against Active Directory Domain Controllers. TCP is used by default.|
|464||Used for changing and setting passwords against Active Directory using the Kerberos change password protocol. Authentication Services always uses TCP for password operations.|
|53||Used for DNS. Since Authentication Services uses DNS to locate domain controllers, DNS servers used by the Unix hosts must serve Active Directory DNS SRV records. Both UDP and TCP are used.|
|123||UDP only. Used for time-synchronization with Active Directory.|
|445||CIFS port used to enable the client to retrieve configured group policy.|
Note: Authentication Services, by default, operates as a client, initiating connections. It does not require any firewall exceptions for incoming traffic.
To extend the authentication, authorization, and administration infrastructure of Active Directory to the rest of your enterprise, allowing Unix, Linux, and Mac OS X systems to act as full citizens within Active Directory, you must install and configure Authentication Services.
This section explains the steps you must take in detail:
Note: For users to authenticate on Unix, Linux, and Mac OS X hosts with Active Directory credentials, your Unix hosts must have the Authentication Services agent installed.
In preparing for your Authentication Services installation, One Identity recommends that you install Management Console for Unix. This provides a mangement console that is a powerful and easy-to-use tool that dramatically simplifies deployment, enables management of local Unix users and groups, provides granular reports on key data and attributes, and streamlines the overall management of your Unix, Linux, and Mac OS X hosts.
You can install the mangement console on Windows, Unix, or Mac OS X computers. Each hosting platform prompts for similar information.
The following install files are located on the Authentication Services distribution media under mcu | server:
where "n.n" indicates the product version number.
The Management Console for Unix Administrator’s Guide contains detailed instructions for installing the mangement console on all of these platforms. Use the following procedure to install the console on a supported Windows platform from the Authentication Services 4.1 distribution media.
Of course, you can install Authentication Services without using Management Console for Unix. You can find those instructions in the Installing and Joining from the Unix Command Line section of the Authentication Services Installation Guide, located in Control Center Tools view or in the docs directory of the installation media. However, for the purposes of the examples in this guide, it is assumed that you will install and configure Authentication Services Unix agent components by means of Management Console for Unix.