Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Upgrade Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services What's new in Authentication Services 4.1 Upgrade from 3.5 to 4.1 considerations Upgrade the web console Upgrade Authentication Services Windows components Configure Active Directory for Authentication Services Configure Unix agent components Upgrade Authentication Services client components manually Getting started with Authentication Services Troubleshooting

New and deprecated Unix platform support

Authentication Services 4.1 added support for Mac OS X 10.8; and, dropped support for the following platforms:

  • Mac OS X 10.6

For the most accurate list of supported platforms, please consult the Authentication Services Platform Support table on Authentication Services Platform Support.

Upgrade from 3.5 to 4.1 considerations

There were some significant changes in Authentication Services 4.0. Some of the changes could result in unexpected behavior unless you take the appropriate action before upgrading.

Active Directory settings changes

In VAS 3.5 settings that affected the Active Directory Users and Computers MMC snapin behavior were set in the VAS Configuration Utility and only affected the local workstation. Authentication Services 4.x no longer includes the VAS Configuration Utility and has moved the Active Directory Users and Computers MMC snapin behavior settings to the Control Center in Active Directory. Because the settings are stored in Active Directory, they affect the behavior of all workstations running Authentication Services 4.x in the mangement console, ADUC snapins and PowerShell.

To verify these settings

  1. From the Control Center navigate to the Preferences view.
  2. Validate the Global Unix Options and the Custom Unix Attributes.

UID and GID changes

To help you avoid ID conflicts with existing local users, in Authentication Services 4.x you can set global minimum and maximum values for UID number and GID number in the Control Center on the Preferences page under Global Unix Options. Authentication Services management tools enforce these minimum and maximum values.

Note: Authentication Services 4.x accepts existing UID and GID numbers, however if you modify them later, you must conform to the global minimum and maximum values.

By default, Authentication Services 4.x uses a new algorithm for generating unique Unix ID numbers. Unix ID numbers are generated based on the object GUID of the Active Directory user or group. You can modify this behavior in Control Center.

The following three algorithms are supported:

  • Object GUID Hash:

    The ID is based on a hash of the object GUID.

  • Samba:

    The ID is based on a combination of the SID and object RID.

  • Legacy:

    The ID is generated by searching Active Directory for existing IDs. This is the algorithm used in 3.x.

If the Object GUID Hash or Samba methods do not produce a unique ID, the Legacy algorithm is used as a fallback to produce a unique ID.

Related Documents