Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Safeguard Authentication Services 4.1.5 - Installation Guide

Table of Contents

One Identity Privileged Access Suite for Unix

About this guide

Introducing One Identity Authentication Services

Licensing Authentication Services System requirements

Windows management tools requirements

Authentication Services Windows components Windows permissions

Unix agent requirements

Authentication Services Unix components Authentication Services permissions matrix Authentication Services encryption types

Management Console for Unix requirements

Network requirements

Installing and configuring Authentication Services

Install the management console

Installing and configuring the management console

Install Authentication Services Windows components

Installing Authentication Services Windows components Customize installation options Installation using msiexec.exe

Configure Active Directory for Authentication Services

Configuring Active Directory for Authentication Services

About Active Directory configuration Join the host to AD without the Authentication Services application configuration Version 3 compatibility mode

Configure Unix agent components

Setup Management Console for Unix

Configure the console for Active Directory logon Setup console access by role Identify Console Set Supervisor Password dialog Summary dialog

Management Console for Unix log on page Prepare Unix hosts

Add hosts to the management console Profile hosts

Profile automatically

Install software on hosts Check readiness Join hosts to Active Directory Check QAS agent status

Check QAS Agent Status Manually Check QAS Agent Status Automatically

Installing and joining from the Unix command line

The Authentication Services pre-installation diagnostic tool

Running preflight

The Authentication Services install script

Installing the Authentication Services agent Installation script options

Licensing Authentication Services

Verifying Authentication Services license information Installing licenses from the command line

Creating the application configuration from the Unix command line

Changing the schema configuration mode

Joining the domain

Joining the domain using VASTOOL Joining the domain using VASJOIN script Dynamic DNS update tool

Getting started with Authentication Services

Getting acquainted with the Control Center

Management console Group Policy

Filter options Edit GPO Settings report Show Files Launch GPMC

Tools Preferences

Add licenses using the Control Center

Global Unix Options Logging options

Enable debug logging on Windows

Custom Unix attributes

Active Directory schema extensions Configure a custom schema mapping Active Directory optimization

Learning the basics

Add a local group Add local user account Add an Active Directory group account Add an Active Directory user account Change the default Unix attributes Active Directory account administration

Enable local user for AD authentication Test the mapped user login Unix-enable an Active Directory group Unix-enable an Active Directory user Test the Active Directory user login

Host reports User reports Group reports Access & Privileges reports Product Licenses Usage reports

Use Authentication Services PowerShell

Unix-enable a user and user group PowerShell cmdlets

Change Auditor for Authentication Services

Install Change Auditor for Authentication Services

One Identity Defender

Install One Identity Defender

Troubleshooting

Getting help from technical support Disaster recovery Long startup delays on Windows Pointer Record updates are rejected Resolving DNS problems Resolving preflight failures System optimization Time synchronization problems Unable to install or upgrade Unable to join the domain Unable to log in vasypd has unsatisfied dependencies

Enterprise package deployment

Install the Authentication Services agent package Authentication Services agent upgrade commands

Restarting Authentication Services Services

Uninstall the Authentication Services agent packages Solaris 10 zones/containers support

Authentication Services and Solaris 10 Zones installation guidelines

Authentication Services and Solaris 10 Zones installation guidelines

Enterprise package deployment > Solaris 10 zones/containers support > Authentication Services and Solaris 10 Zones installation guidelines

To install Authentication Services in a Solaris 10 Zones configuration

In Solaris 10 Zones, only the global zone is permitted to do time synchronization. Therefore, if you want to run Authentication Services in "any" Solaris Zone configuration, you must timesync the Global Zone with Active Directory. Time synchronization is a requirement of the Kerberos protocol and since Authentication Services is built on Kerberos, Authentication Services also has this requirement.
The same version of Authentication Services should be installed in any combination of global, whole root, and sparse root zone configurations.
To disable time synchronization for Authentication Services on the sparse zone, run the below command:
```
vastool configure vas vasd timesync-interval 0
```
The following symlinks must exist in the global zone in order for the sparse zones to work correctly:
- /usr/lib/security/pam_vas3.so | /opt/quest/usr/lib/security/pam_vas3.so
- /usr/lib/security/sparcv9/pam_vas3.so | /opt/quest/usr/lib/security/sparcv9/pam_vas3.so
If /usr is shared, you need the following symlinks in the global zone pointing to counterpart files in /opt/quest/lib:
- /usr/lib/nss_vas4.so.1 | /opt/quest/lib/nss/nss_vas4.so.1
- /usr/lib/security/pam_vas3.so | /opt/quest/usr/lib/security/pam_vas3.so
In such a scenario, you do not need Authentication Services joined to a domain in the global zone in order for sparse zones to work, but the symlinks must exist.

Each zone must have its own unique copy of /etc and /var because Authentication Services stores zone-specific information in those locations. Sharing /etc and /var with the global zone is not a supported configuration.

Related Documents

© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy