Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Upgrade Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services What's new in Authentication Services 4.1 Upgrade from 3.5 to 4.1 considerations Upgrade the web console Upgrade Authentication Services Windows components Configure Active Directory for Authentication Services Configure Unix agent components Upgrade Authentication Services client components manually Getting started with Authentication Services Troubleshooting

Schema configuration changes

In VAS 3.5.x all schema configuration was stored on each host machine as local settings in the agent configuration file (vas.conf). Because of this, you had to modify schema configuration on a client-by-client basis. In Authentication Services 4.x, the majority of these schema settings are stored globally in the Active Directory configuration. This results in the deprecation of a number of client-specific schema customization options, including:

  • groupname-attr-name
  • uid-number-attr-name
  • gid-number-attr-name
  • gecos-attr-name
  • homedir-attr-name
  • login-shell-attr-name
If you are using any of these settings in an existing 3.x install, you need to ensure that Active Directory has been configured with the correct schema mapping information before proceeding with agent upgrade.

Additionally in Authentication Services 4.x, the agent no longer uses the memberof-attr-name setting. If you set it in the client configuration file, it is ignored.

To verify schema settings

  1. From the Control Center, navigate to the Preferences view.
  2. Validate the settings in the Custom Unix Attributes section.
Related Topics

Multi-schema handling

Default user login name change

Multi-schema handling

In VAS 3.5.x, you had to use the same schema for all forests in your domain. Authentication Services 4.x allows you to use different schemas for each forest in your domain.

Default user login name change

In VAS 3.5.x, the default user login name was the User Principal Name. However, Authentication Services 4.x uses the sAMAccountName as the default user login name.

To change the default user login name to the User Principal Name

  1. From the Control Center, navigate to Preferences | Custom Unix Attributes and click Customize
  2. Change the value in the User Login Name box to userPrincipalName and click OK.
  3. At the Confirm Schema Configuration Change dialog, click Yes.

Note: See the Authentication Services Installation Guide for more information about how to use the Control Center.

Functionality changes

Functionality that you may be familiar with in VAS 3.5 has been changed.

Related Topics

Changes in VASTOOL output

Internal database changes

vasfilter adm was removed

PAM module changes

Related Documents