Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Installation Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Installing and configuring Authentication Services Installing and joining from the Unix command line Getting started with Authentication Services Troubleshooting Enterprise package deployment

Authentication Services agent upgrade commands

To upgrade the Authentication Services agent package

  1. Log in and open a root shell.
  2. Mount the installation DVD and run the appropriate command.

    (See Notes for additional configuration information.)

    Table 32: Authentication Services: Agent upgrade commands
    Platform Command
    Linux x86 - RPM # rpm -Uhv /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.rpm
    Linux x64 - RPM # rpm -Uhv /<mount>/client/linux-x86_64/vasclnt-<version>-<build>.x86_64.rpm
    Linux x86 - DEB # dpkg -i /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.deb
    Linux x64 - DEB # dpkg -i /<mount>/client/linux-x86_64/vasclnt-<version>-<build>_amd64.deb
    Linux s390 # rpm -Uhv /<mount>/client/linux-s390/vasclnt-<version>-<build>.s390.rpm
    Linux s390x # rpm -Uhv /<mount>/client/linux-s390x/vasclnt-<version>-<build>.s390x.rpm
    VMware ESX 3.x # rpm -Uhv /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.rpm
    VMware ESX 4.1 # rpm -Uhv /<mount>/client/linux-x86_64/vasclnt-<version>-<build>.x86_64.rpm
    SLES 8 PPC # rpm -Uhv /<mount>/client/linux-glibc22-ppc64/vasclnt-glibc22-<version>-<build>.ppc64.rpm
    SLES 9 PPC # rpm -Uhv /<mount>/client/linux-glibc23-ppc64/vasclnt-glibc23-<version>-<build>.ppc64.rpm
    Solaris 8-10 x86 # pkgadd -d /<mount>/client/solaris8-x86/vasclnt_SunOS_5.8_i386-<version>-<build>.pkg vasclnt
    Solaris 10 x64 # pkgadd -d /<mount>/client/solaris10-x64/vasclnt_SunOS_5.10_i386-<version>-<build>.pkg vasclnt
    Solaris 8-10 SPARC # pkgadd -d /<mount>/client/solaris8-sparc/vasclnt_SunOS_5.8_sparc-<version>-<build>.pkg vasclnt
    HP-UX PA-RISC 11i v1 (B.11.11) # swinstall -s /<mount>/client/hpux-pa/vasclnt_9000-<version>-<build>.depot vaslcnt
    HP-UX PA-RISC 11i v2 (B.11.23), 11i v3 (B.11.31) # swinstall -s /<mount>/client/hpux-pa-11v1/vasclnt_hpux-11.11-<version>-<build>.depot vasclnt
    HP-UX IA64 11i v1.6 (B.11.22), 11i v2 (B.11.23), 11i v3 (B.11.31) # swinstall -s /<mount>/client/hpux-ia64/vasclnt_ia64-<version>-<build>.depot vasclnt
    AIX 4.3.3 # installp -acXd /<mount>/client/aix-43/vasclnt.AIX_4.3.<version>-<build>.bff all
    AIX 5.1 – 5.2 # installp -acXd /<mount>/client/aix-51/vasclnt.AIX_5.1.<version>-<build>.bff all
    AIX 5.3 – 6.1 # installp -acXd /<mount>/client/aix-53/vasclnt.AIX_5.3.<version>-<build>.bff all
    Mac OS X /usr/sbin/installer -pkg '/<mount>/VAS.mpkg/Contents/Packages/vasclnt.pkg' -target /
Additional Configuration Information:

Note: During the upgrade, vasd reloads and updates its user and group cache. To restart the Authentication Services caching service, see Restarting Authentication Services services.

Note: If you are using the licensed version of the Authentication Services agent earlier than 3.0, see Licensing Authentication Services for licensing instructions.

Note: VMware: VMware provides a Host Update Utility to upgrade an ESX 3.5 agent to 4.0, but if Authentication Services is left installed and configured during the procedure, the machine will be inaccessible after the upgrade. This is because the previous 3.5 installation is pushed aside and mounted under the /esx3-installation directory, but all the key configuration files, like /etc/nsswitch.conf and the pam.d directory, are preserved.

If Authentication Services is still configured in those files it leaves the machine in a bad state. Because of this, One Identity recommends that you uninstall Authentication Services before attempting to upgrade to ESX 4.0. In the vSphere Upgrade Guide, VMware warns that "no third-party management agents or third-party software applications are migrated," but it does not explicitly say they should be uninstalled prior to upgrade.

Should you accidentally leave Authentication Services installed or configured during the upgrade, use the following steps to fix the machine:

  1. Boot into single user mode
  2. Copy /etc/pam.d/vmware-authd.esx4 over /etc/pam.d/vmware-authd (backup vmware-authd first if desired)
  3. Copy /etc/pam.d/system-auth-generic.esx4 over /etc/pam.d/system-auth-generic
  4. Remove "vas4" from the passwd, group, and any other configured lines in nsswitch.conf
  5. Reboot the machine--the machine should now be accessible
  6. Install the linux-x86_64Authentication Services packages

Note: Solaris: The -a vasclient-defaults option specifies an alternative default file for pkgadd administrative options that allows pkgadd to overwrite an existing package with a new package.

pkgadd does not support the concept of upgrading a package, so this allows you to upgrade without having to rejoin your machine to the Active Directory domain, or uninstalling the old version first.

Note: HP-UX: Reboot the HP-UX machine to ensure that all of the new files are installed. HP-UX does not allow you to overwrite files that are in use—this is done as part of the boot sequence.

Restarting Authentication Services Services

  1. The method for restarting services varies by platform:
    1. To restart Authentication Services on Linux or Solaris, enter:
      /etc/init.d/vasd restart
    2. To restart Authentication Services on HP-UX, enter:
      /sbin/init.d/vasd restart
    3. To restart Authentication Services on AIX, enter:
      stopsrc -s vasd
startsrc -s vasd

Note: Due to library changes between the Authentication Services 3.x and 4.1, One Identity recommends that you restart all long-lived processes that use Authentication Services data to force a reload of the newer libraries. For example, you must restart cron.

Uninstall the Authentication Services agent packages

To uninstall the Authentication Services agent packages

  1. Log in and open a root shell.
  2. Run the following commands to remove the packages.

    (See Notes for additional configuration information.)

    Table 33: Authentication Services: Agent uninstall commands
    Package Command
    RPM # rpm -e vasclnt
    DEB # dpkg -r vaslcnt
    Solaris # pkgrm vasclnt
    HP-UX # swremove vasclnt
    AIX # installp -u vasclnt
    Mac OS X /<mount>/Uninstall.app/Contents/MacOS/Uninstall' --console --force vasclnt
Additional Configuration Information:
  • Linux: The rpm –e vasclnt and the dpkg -r vaslcnt commands run scripts that halt the daemon, unconfigure Authentication Services, flush and delete the Authentication Services cache before finally removing the files.
  • HP-UX: The swremove vasclnt command does not clean up the empty directories that the vasclnt package used. In order to clean these up, manually remove the /opt/quest directory after you uninstall.

Solaris 10 zones/containers support

Sun introduced Zones (or containers) in Solaris 10. Zones is a partitioning technology used to virtualize operating system services and provide an isolated and secure environment for running applications. There are two types of non-global zone root filesystem models:

  • sparse root
  • whole root

The sparse root zone model optimizes the sharing of objects while the whole root zone model provides the maximum configurability. Additional information on Solaris 10 and Zones can be found at www.sun.com.

Related Documents