Safeguard Authentication Services 4.1.5 - Installation Guide

Installing licenses from the command line

With root privileges, you can manually install a valid license by copying the new license file to the licenses directory on the Unix host.

To install an Authentication Services license manually

  1. Copy the license file to the /etc/opt/quest/vas/.licenses directory.
  2. Ensure the permissions on the license file are set to 0644.
  3. Restart vasd as root by running the command corresponding to your platform:
    • Linux/Solaris:
      /etc/init.d/vasd restart
    • HPUX:
      /sbin/init.d/vasd restart
    • AIX:
      /etc/rc.d/init.d/vasd restart
    • Mac OS X:
      launchctl unload /Library/LaunchDaemons/com.quest.vasd.plist
      launchctl load /Library/LaunchDaemons/com.quest.vasd.plist
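
The three manual steps above combined into one script, added here as an example and not taken from the vendor's guide. The function names `vasd_restart_cmd` and `install_license` and the `LICENSE_DIR` override are assumptions; platforms are matched on the names printed by `uname -s`.

```shell
#!/bin/sh
# Added example (not vendor code). The directory, mode and restart commands
# come from the steps above; the function names are assumptions.
LICENSE_DIR="${LICENSE_DIR:-/etc/opt/quest/vas/.licenses}"

# Print the vasd restart command(s) for a platform name from `uname -s`.
vasd_restart_cmd() {
    case "$1" in
        Linux|SunOS) echo "/etc/init.d/vasd restart" ;;
        HP-UX)       echo "/sbin/init.d/vasd restart" ;;
        AIX)         echo "/etc/rc.d/init.d/vasd restart" ;;
        Darwin)      echo "launchctl unload /Library/LaunchDaemons/com.quest.vasd.plist"
                     echo "launchctl load /Library/LaunchDaemons/com.quest.vasd.plist" ;;
        *)           echo "unsupported platform: $1" >&2; return 1 ;;
    esac
}

# Copy a license into the licenses directory, force mode 0644, then verify it.
install_license() {
    src="$1"; dir="${2:-$LICENSE_DIR}"
    [ -f "$src" ] && [ -s "$src" ] || { echo "missing or empty license: $src" >&2; return 1; }
    [ -d "$dir" ] || { echo "missing licenses directory: $dir" >&2; return 1; }
    dest="$dir/$(basename "$src")"
    cp "$src" "$dest" || return 1
    # cp does not guarantee the resulting mode, so set 0644 explicitly.
    chmod 0644 "$dest" || return 1
    mode=$(ls -l "$dest" | cut -c1-10)
    [ "$mode" = "-rw-r--r--" ] || { echo "unexpected mode $mode on $dest" >&2; return 1; }
    echo "$dest"
}

# Usage (as root): sh install_license.sh install /path/to/license.txt
if [ "${1:-}" = "install" ] && [ -n "${2:-}" ]; then
    install_license "$2" && cmd=$(vasd_restart_cmd "$(uname -s)") && sh -c "$cmd"
fi
```

The script refuses to restart vasd if the copy or the mode check fails, so a license file left at a restrictive or overly permissive mode is caught before the daemon reloads.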

Creating the application configuration from the Unix command line

Before you join a Unix client to an Active Directory domain, One Identity recommends that you create the application configuration in the domain to which you are joining to utilize full Authentication Services 4.1 functionality. While the Authentication Services Active Directory Configuration Wizard starts automatically to help you configure Active Directory for Authentication Services the first time you start the Control Center, you do not need to have a Windows console to create the application configuration. You can run the vastool configure ad command from the Unix command line to create it. This is typically a one-time process.

Note: You only need to create one Authentication Services application configuration per forest. For more information, see Version 3 compatibility mode.

To create the Authentication Services application configuration

  1. Run the following command from the Unix command line:
    # /opt/quest/bin/vastool ad -u <user> configure -d <domain>

    By default Authentication Services creates the application configuration in the Program Data container; however, if you do not have rights to create an organizational unit in the Program Data container, you can create the Authentication Services application configuration in any location you have rights to by specifying the DN (distinguished name) of the creation location, as follows:

    vastool -u <user> configure -d <domain> ou cn=myou,dc=example,dc=com
  2. Enter the user’s password when prompted.

Changing the schema configuration mode

When you create the Authentication Services application configuration, you set the global schema configuration mode to R2 by default. However, you can optionally configure Authentication Services for "schemaless" operation using the schema configure command.

To switch to a schemaless configuration

  1. Run the following command:
    # /opt/quest/bin/vastool -u <user> schema -d <domain> configure schemaless

    The schema configure command only allows you to set the schema mode to either R2 or "schemaless". To set the schema configuration to any other mode, you must do so from the Control Center Preferences.

  2. Enter the user’s password when prompted.

Joining the domain

For full Authentication Services functionality on Unix, you must join the Unix system on which you installed the Authentication Services agent to the Active Directory domain. You can join an Active Directory domain either by running vastool join from the command line or the interactive join script, vasjoin.sh.

Before you join the Unix host to the Active Directory domain, you may want to determine if you are already joined.

To determine if you are joined to an Active Directory domain

  1. Run the following command:
    # /opt/quest/bin/vastool info domain

    If you are joined to a valid domain this command returns the domain name. If you are not joined to a domain, you will see the following error:

    ERROR: No domain could be found.
    ERROR: VAS_ERR_CONFIG: at ctx.c:414 in _ctx_init_default_realm
    default_realm not configured in vas.conf. Computer may not be joined to domain