Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Safeguard Authentication Services 4.1.5 - Upgrade Guide

Table of Contents

One Identity Privileged Access Suite for Unix

About this guide

Introducing One Identity Authentication Services

Upgrade requirements

Licensing Authentication Services System requirements

Windows management tools requirements

Authentication Services Windows components Windows permissions

Unix agent requirements

Authentication Services Unix components Authentication Services permissions matrix Authentication Services encryption types

Management Console for Unix requirements

Network requirements

What's new in Authentication Services 4.1

New and deprecated Unix platform support

Upgrade from 3.5 to 4.1 considerations

Active Directory settings changes UID and GID changes User identity specification changes

Authentication Services daemon changes for upgrade Authentication Services configuration file changes Account overrides Access control changes

Changes in access control with service-level files

Client configuration changes

vas.conf [nss_vas] option changes Schema configuration changes

Multi-schema handling Default user login name change

Functionality changes

Changes in VASTOOL output Internal database changes vasfilter adm was removed PAM module changes

Upgrade the web console

Installing and configuring the management console Upgrade Identity Manager for Unix 1.x web console

Reset custom configuration settings

Upgrade Management Console for Unix 2.0

Upgrade Authentication Services Windows components

Upgrading VAS 3.5 Windows components Upgrading Authentication Services 4.x Windows components

Configure Active Directory for Authentication Services

Configuring Active Directory for Authentication Services

About Active Directory configuration Join the host to AD without the Authentication Services application configuration Version 3 compatibility mode

Configure Unix agent components

Setup Management Console for Unix

Configure the console for Active Directory logon Setup console access by role Identify Console Set Supervisor Password dialog Summary dialog

Management Console for Unix log on page Prepare Unix hosts

Add hosts to the management console Profile hosts

Profile automatically

Check readiness Install software on hosts

Upgrade Authentication Services client components manually

Upgrading VAS 3.5 from the command line

Authentication Services agent upgrade commands Restarting Authentication Services services

Getting started with Authentication Services

Getting acquainted with the Control Center

Management console Group Policy

Filter options Edit GPO Settings report Show Files Launch GPMC

Tools Preferences

Add licenses using the Control Center

Global Unix Options Logging options

Enable debug logging on Windows

Custom Unix attributes

Active Directory schema extensions Configure a custom schema mapping Active Directory optimization

Learning the basics

Add a local group Add local user account Add an Active Directory group account Add an Active Directory user account Change the default Unix attributes Active Directory account administration

Enable local user for AD authentication Test the mapped user login Unix-enable an Active Directory group Unix-enable an Active Directory user Test the Active Directory user login

Host reports User reports Group reports Access & Privileges reports Product Licenses Usage reports

Use Authentication Services PowerShell

Unix-enable a user and user group PowerShell cmdlets

Change Auditor for Authentication Services

Install Change Auditor for Authentication Services

One Identity Defender

Install One Identity Defender

Troubleshooting

Getting help from technical support Disaster recovery Long startup delays on Windows Pointer Record updates are rejected Resolving DNS problems Resolving preflight failures Time synchronization problems System optimization Unable to install or upgrade Unable to join the domain Unable to log in

Changes in VASTOOL output

Upgrade from 3.5 to 4.1 considerations > Functionality changes > Changes in VASTOOL output

Some vastool command output has changed in Authentication Services 4.x. Many error messages have been changed to be clearer and more informative. If you have scripts written to vastool you should test these scripts before rolling out an upgrade particularly if you parse vastool text output. Take special note of the following changes:

vastool checkaccess <user> output was formatted as follows in 3.x:

Access for service <service> by <user> is allowed.
Access for service <service> by <user> is not allowed, <reason>.

vastool checkaccess <user> output has been changed as follows in 4.x:
```
ALLOWED [user=<user>] [service=<service>]
DENIED (<reason>) [user=<user>] [service=<service>]
```
This makes the result of the access check more obvious.

Internal database changes

Upgrade from 3.5 to 4.1 considerations > Functionality changes > Internal database changes

Authentication Services 4.0 changed the format of the internal database. Thus, when upgrading from VAS 3.x to 4.1, all stored disconnected credentials become unusable and will be flushed. You will not have disconnected credentials until you have successfully logged in during a connected state.

vasfilter adm was removed

Upgrade from 3.5 to 4.1 considerations > Functionality changes > vasfilter adm was removed

VAS 3.5 provided vasfilter.adm which allowed you to create limits on Unix values in the ADUC snap-in module. In Authentication Services 4.x you set the Global Unix Options in the Control Center under Preferences.

PAM module changes

Upgrade from 3.5 to 4.1 considerations > Functionality changes > PAM module changes

In VAS 3.5 the pam module was placed at the top of the PAM stack. In Authentication Services 4.x it is placed just before the local password validation module, usually pam_unix. When Authentication Services configures the PAM stack, it converts multi-line entries to one-line entries.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy