Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Installation Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Installing and configuring Authentication Services Installing and joining from the Unix command line Getting started with Authentication Services Troubleshooting Enterprise package deployment

Unable to log in

If you are unable to log in as an Active Directory user after installing, check the following:

  1. Log in as root on the Unix host.
  2. Check the status of the Authentication Services subsystems. To do this, run the following command: 
    vastool status

    Correct any errors reported by the status command, then try logging in again.

  3. Ensure the user exists locally and is allowed to log in. To check this, run the following command: 
    vastool user checklogin <username>

    The output displays whether the user is a known Active Directory user. If not, you may need to map the user to an Active Directory account or Unix-enable the Active Directory account. If the user is known, an access control rule may prevent them from logging in. The output of the command displays which access control rules are in effect for the user.

You may need to restart window managers such as gdm in order for the window manager to reload NSS modules. Until the window manager reloads the NSS configuration, you will be unable to log in with an Active Directory user. Other services such as cron may also be affected by NSS changes. If you are unsure which services need to be reloaded, reboot the system.

Note:

If you are configuring Authentication Services on VMware ESX Server vSphere (ESX 4.0) the reason you can not log in may be related to access control issues. Please refer to Configuring Access Control on ESX 4 in the Authentication Services Administration Guide.

vasypd has unsatisfied dependencies

If you receive the following error message while installing the Authentication Services vasypd Unix component, the rpcbind service may not be enabled. 

svcadm: Instance "svc:/quest/vas/vasypd:default" has unsatisfied dependencies.
Error 4 starting vasypd

To enable the rpcbind service

  1. Check the dependencies of vasypd:
    # svcs -d quest/vas/vasypd
STATE          STIME    FMRI
disabled       Sep_14   svc:/network/rpc/bind:default
online         Sep_14   svc:/milestone/single-user:default
online         Sep_14   svc:/system/filesystem/local:default
  2. If rpcbind is disabled, run this command to enable it:
    # /usr/sbin/svcadm enable -s /network/rpc/bind
  3. Run the following command to start vasypd:
    # /etc/init.d/vasypd start

Enterprise package deployment

This section details how to install, upgrade, and uninstall the Authentication Services agent on supported platforms in an enterprise environment using platform package management tools.

Install the Authentication Services agent package

To install the Authentication Services agent package

  1. Log in and open a root shell.
  2. Mount the installation DVD and run the appropriate command.

    (See Notes below for additional configuration information.)

    Table 31: Authentication Services: Agent installation command
    Platform Command
    Linux x86 - RPM # rpm -ihv /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.rpm
    Linux x64 - RPM # rpm -ihv /<mount>/client/linux-x86_64/vasclnt-<version>-<build>.x86_64.rpm
    Linux x86 - DEB # dpkg -i /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.deb
    Linux x64 - DEB # dpkg -i /<mount>/client/linux-x86_64/vasclnt-<version>-<build>_amd64.deb
    Linux s390 # rpm -ihv /<mount>/client/linux-s390/vasclnt-<version>-<build>.s390.rpm
    Linux s390x # rpm -ihv /<mount>/client/linux-s390x/vasclnt-<version>-<build>.s390x.rpm
    VMware ESX 3.x # rpm -ihv /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.rpm
    VMware ESX 4.1 # rpm -ihv /<mount>/client/linux-x86_64/vasclnt-<version>-<build>.x86_64.rpm
    SLES 8 PPC # rpm -ihv /<mount>/client/linux-glibc22-ppc64/vasclnt-glibc22-<version>-<build>.ppc64.rpm
    SLES 9 PPC # rpm -ihv /<mount>/client/linux-glibc23-ppc64/vasclnt-glibc23-<version>-<build>.ppc64.rpm
    Solaris 8-10 x86 # pkgadd -d /<mount>/client/solaris8-x86/vasclnt_SunOS_5.8_i386-<version>-<build>.pkg vasclnt
    Solaris 10 x64 # pkgadd -d /<mount>/client/solaris10-x64/vasclnt_SunOS_5.10_i386-<version>-<build>.pkg vasclnt
    Solaris 8-10 SPARC # pkgadd -d /<mount>/client/solaris8-sparc/vasclnt_SunOS_5.8_sparc-<version>-<build>.pkg vasclnt
    HP-UX PA-RISC 11i v1 (B.11.11) # swinstall -s /<mount>/client/hpux-pa/vasclnt_9000-<version>-<build>.depot vaslcnt
    HP-UX PA-RISC 11i v2 (B.11.23), 11i v3 (B.11.31) # swinstall -s /<mount>/client/hpux-pa-11v1/vasclnt_hpux-11.11-<version>-<build>.depot vasclnt
    HP-UX IA64 11i v1.6 (B.11.22), 11i v2 (B.11.23), 11i v3 (B.11.31) # swinstall -s /<mount>/client/hpux-ia64/vasclnt_ia64-<version>-<build>.depot vasclnt
    AIX 4.3.3 # installp -acXd /<mount>/client/aix-43/vasclnt.AIX_4.3.<version>-<build>.bff all
    AIX 5.1 – 5.2 # installp -acXd /<mount>/client/aix-51/vasclnt.AIX_5.1.<version>-<build>.bff all
    AIX 5.3 – 6.1 # installp -acXd /<mount>/client/aix-53/vasclnt.AIX_5.3.<version>-<build>.bff all
    Mac OS X /usr/sbin/installer -pkg '/<mount>/VAS.mpkg/Contents/Packages/vasclnt.pkg' -target /
Additional Configuration Information:
  • To enable Authentication Services authentication for all services you must restart all services that require Authentication Services authentication or restart the system.
  • Linux - RPM: The x86_64 Authentication Services rpm contains 64-bit and 32-bit libraries, and has an RPM dependency on both the 32-bit libpam library and the 64-bit libpam library. If the 64-bit Linux operating system on which you are installing Authentication Services does not have any 32-bit supporting libraries installed, use the -- nodeps RPM flag to force the installation and avoid error messages about missing dependencies.
  • VMware: You must enter the following additional command, to configure the VMware Authentication Services:vastool configure pam vmware-authd
  • Solaris: For information on Solaris 10 Zones support and installation, see Solaris 10 zones/containers support.

    In certain situations pkgadd requests additional information. Respond appropriately for your system configuration. Initialization scripts that are part of the vasclnt package run during installation to help configure the system.

    To install the Authentication Servicesvasypd Unix component on Solaris 10, you must have the rpcbind service enabled on the host. (See vasypd has unsatisfied dependencies for more information.)

  • HP-UX: Authentication Services requires that the Unixhost system clock be synchronized with the Active Directory server’s system clock. By default, HP-UX uses xntpd for time services. To properly synchronize the system clocks either configure xntpd to sync with a Domain Controller, or disable xntpd to allow Authentication Services to synchronize the system time.Consult the xntpd documentation for information on disabling xntpd and configuring xntpd.

    You must reboot the HP-UX machine to ensure that all of the new files are installed.HP-UX does not allow you to overwrite files that are in use—this is done as part of the boot sequence.

  • Mac OS X: To install from the command line, you must first mount the Authentication Services DMG image file. On Mac OS X enter: 
    hdiutil attach <media>/client/macos-106/VAS-<version>.dmg
Related Documents