Chat now with support
Chat with Support

Safeguard Authentication Services 4.2.3 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Authentication Services Upgrade the web console Upgrade Authentication Services Windows components Configure Active Directory for Authentication Services Configure Unix agent components Upgrade Authentication Services client components manually Getting started with Authentication Services Troubleshooting

Authentication Services agent upgrade commands

To upgrade the Authentication Services agent package

  1. Log in and open a root shell.
  2. Mount the installation ISO and run the appropriate command.

    See Additional configuration information that follows the table.

    Table 11: Authentication Services: Agent commands
    Platform Command

    Linux x86 - RPM

    # rpm -Uhv /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.rpm

    Linux x64 - RPM

    # rpm -Uhv /<mount>/client/linux-x86_64/vasclnt-<version>-<build>.x86_64.rpm

    Linux x86 - DEB

    # dpkg -i /<mount>/client/linux-x86/vasclnt-<version>-<build>.i386.deb

    Linux x64 - DEB

    # dpkg -i /<mount>/client/linux-x86_64/vasclnt-<version>-<build>_amd64.deb

    Linux s390

    # rpm -Uhv /<mount>/client/linux-s390/vasclnt-<version>-<build>.s390.rpm

    Linux s390x

    # rpm -Uhv /<mount>/client/linux-s390x/vasclnt-<version>-<build>.s390x.rpm

    SLES 11, 12, and 15 PPC

    # rpm -Uhv /<mount>/client/linux-glibc23-ppc64/vasclnt-glibc23-<version>-<build>.ppc64.rpm

    Oracle Solaris 10 and 11 x64

    # pkgadd -d /<mount>/client/solaris10-x64/vasclnt_SunOS_5.10_i386-<version>-<build>.pkg vasclnt

    Oracle Solaris 10 and 11 SPARC

    # pkgadd -d /<mount>/client/solaris10-sparc/vasclnt_SunOS_5.8_sparc-<version>-<build>.pkg vasclnt

    HP-UX PA-RISC 11i v3 (B.11.31)

    # swinstall -s /<mount>/client/hpux-pa-11v1/vasclnt_hpux-11.11-<version>-<build>.depot vasclnt

    HP-UX IA64 11i v3 (B.11.31)

    # swinstall -s /<mount>/client/hpux-ia64/vasclnt_ia64-<version>-<build>.depot vasclnt

    AIX 7.1 and 7.2

    # installp -acXd /<mount>/client/aix-71/vasclnt.AIX_5.3.<version>-<build>.bff all

    Mac OS X

    /usr/sbin/installer -pkg '/<mount>/VAS.mpkg/Contents/Packages/vasclnt.pkg' -target /

    FreeBSD 10 and 11

    pkg /<mount>/client/freebsd-x86_64/vasclnt-<build>.txz

    Amazon Linux AMI

    # rpm - Uhv /<mount>/client/linux-x86_64/vasclnt-<build>.x86_64.rpm

Additional configuration information

Note: During the upgrade, vasd reloads and updates its user and group cache. To restart the Authentication Services caching service, see Restarting Authentication Services services.

Note: Oracle Solaris: The -a vasclient-defaults option specifies an alternative default file for pkgadd administrative options that allows pkgadd to overwrite an existing package with a new package.

pkgadd does not support the concept of upgrading a package, so this allows you to upgrade without having to rejoin your machine to the Active Directory domain, or uninstalling the old version first.

Note: HP-UX: Reboot the HP-UX machine to ensure that all of the new files are installed. HP-UX does not allow you to overwrite files that are in use—this is done as part of the boot sequence.

Restarting Authentication Services services

  1. The method for restarting services varies by platform:
    1. To restart Authentication Services on Linux or Oracle Solaris, enter:
      /etc/init.d/vasd restart
    2. To restart Authentication Services on HP-UX, enter:
      /sbin/init.d/vasd restart
    3. To restart Authentication Services on AIX, enter:
      stopsrc -s vasd
      startsrc -s vasd

Note: Due to library changes between the Authentication Services 4.1 and 4.2, the system may need to be rebooted before all processes load the new libraries.

Getting started with Authentication Services

Once you have successfully installed Authentication Services, you will want to learn how to do some basic system administration tasks using the Control Center and Management Console for Unix.

Getting acquainted with the Control Center

Authentication Services consists of plugins, extensions, security modules, and utilities spread across nearly every operating system imaginable. The Control Center pulls those parts together and provides a single place for you to find the information and resources you need.

Control Center installs on Windows and is a great starting place for new users to get comfortable with some of Authentication Services' capabilities.

You can launch the Control Center from the Start menu or by double-clicking the desktop icon, or by double-clicking the Control Center application file from %SystemDrive% :\Program Files (x86)\Quest Software\Authentication Services.

Table 12: Control Center: Navigation links
Control Center pane Description
Home

The Welcome page provides information about how to use the Control Center tools and features.

Management Console

You can run the One Identity Management Console for Unix mangement console within the Control Center or you can run it separately in a supported web browser. The mangement console is a separate install on Windows, Unix, Linux, or macOS that you can launch from the ISO.

Typically, you install one mangement console per environment to avoid redundancy. One Identity does not advise managing a Unix host by more than one mangement console in order to avoid redundancy and inconsistencies in stored information. If you manage the same Unix host by more than one mangement console, you should always re-profile that host to minimize inconsistencies that may occur between instances of the mangement consoles.

Group Policy The Control Center provides the ability to search on Active Directory Group Policy Objects that have Unix and macOS settings defined. Also provides links to edit these GPOs and run reports that show the detailed settings of the Group Policy Objects.
Tools The Control Center provides links to additional tools and resources available with Authentication Services. A great starting place for anyone new to the product.
Preferences

The Control Center allows you to centrally manage the default values generated by the various Authentication Services management tools, including the ADUC snap-in, the PowerShell cmdlets, and the Unix command-line tools.

Log into remote host The Control Center provides a simple SSH client (built on PuTTY) for remote access to Unix systems; simplifies new installs from having to find and install a separate PuTTY client.

To run the Control Center, you must be logged in as a domain user. To make changes to global settings, you must have rights in Active Directory to create, delete, and modify objects in the Authentication Services configuration area of Active Directory.

Related Documents