Installing licenses from the command line
With root privileges, you can manually install a valid license by copying the new license file to the licenses directory on the Unix host.
To install a Safeguard Authentication Services license manually
- Copy the license file to the /etc/opt/quest/vas/.licenses directory.
- Ensure the permissions on the license file are set to 0644.
- Restart vasd as root by running the command corresponding to your platform:
- Linux/Oracle Solaris:
launchctl unload /Library/LaunchDaemons/com.quest.vasd.plist
launchctl load /Library/LaunchDaemons/com.quest.vasd.plist
Creating the application configuration from the Unix command line
Before you join a Unix client to an Active Directory domain, One Identity recommends that you create the application configuration in the domain to which you are joining to utilize full Safeguard Authentication Services 5.0.1 functionality. While the Safeguard Authentication Services Active Directory Configuration Wizard starts automatically to help you configure Active Directory for Safeguard Authentication Services the first time you start the Control Center, you do not need to have a Windows console to create the application configuration. You can run the vastool configure ad command from the Unix command line to create it. This is typically a one-time process.
To create the Safeguard Authentication Services application configuration
- Run the following command from the Unix command line:
# /opt/quest/bin/vastool ad -u <user> configure -d <domain>
By default, Safeguard Authentication Services creates the application configuration in the Program Data container; however, if you do not have rights to create an organizational unit in the Program Data container, you can create the Safeguard Authentication Services application configuration in any location you have rights to by specifying the DN (distinguished name) of the creation location, as follows:
vastool -u <user> configure -d <domain> ou cn=myou,dc=example,dc=com
Enter the user’s password when prompted.
Changing the schema configuration mode
When you create the Safeguard Authentication Services application configuration, you set the global schema configuration mode to R2 by default. However, you can optionally configure Safeguard Authentication Services for "schemaless" operation using the schema configure command.
To switch to a schemaless configuration
- Run the following command:
# /opt/quest/bin/vastool -u <user> schema -d <domain> configure schemaless
The schema configure command only allows you to set the schema mode to either R2 or "schemaless" modes. To set the schema configuration to any other mode, you must do so from the Control Center Preferences.
- Enter the user’s password when prompted.
Joining the domain
For full Safeguard Authentication Services functionality on Unix, you must join the Unix system on which you installed the Safeguard Authentication Services agent to the Active Directory domain. You can join an Active Directory domain either by running vastool join from the command line or the interactive join script, vasjoin.sh.
Before you join the Unix host to the Active Directory domain, you may want to determine if you are already joined.
To determine if you are joined to an Active Directory domain
- Run the following command:
# /opt/quest/bin/vastool info domain
If you are joined to a valid domain this command returns the domain name. If you are not joined to a domain, you will see the following error:
ERROR: No domain could be found.
ERROR: VAS_ERR_CONFIG: at ctx.c:414 in _ctx_init_default_realm
default_realm not configured in vas.conf. Computer may not be joined to domain