Warning: With this type of installation, the management server and access server (SSH-Proxy or RDP-Proxy) components are installed on a single server.
Preparation
Before you begin the installation, please read the preparation for installation section.
Certificates
Certificate of Certification Authority
Move the CA certificate into the distribution at the following path:
indeed-pam-linux\state\ca-certificates

Server Certificate
Move the server certificate into the distribution at the following path:
indeed-pam-linux\state\certs

vars
- Go to the folder indeed-pam-linux\scripts\ansible and open the file vars.yml.
- Find the line # pfx_pass: "ENTER_HERE" and delete the # symbol.
- Instead of ENTER_HERE, specify the password for the server certificate and save the changes.
Flat Configuration File
Fill in the appropriate fields in the flat configuration file config.json, located in the indeed-pam-linux folder:

```
{
  "DefaultServer": "TARGET_SERVER_FQDN", // to be filled out
  "DefaultDbServer": "pgsql",
  "DefaultDbUser": "admin",
  "DefaultDbPassword": "Q1w2e3r4",
  "IdpAdminSids": [
    "AD_ADMIN_SID" // to be filled out
  ],
  "Database": "pgsql",
  "EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5", // to be filled out
  "ActiveDirectoryDomain": "AD_FQDN", // to be filled out
  "ActiveDirectoryContainerPath": "USER_CONTAINDER_DN", // to be filled out
  "ActiveDirectoryUserName": "AD_SERVICE_USER_NAME", // to be filled out
  "ActiveDirectoryPassword": "AD_SERVICE_USER_PASSWORD", // to be filled out
  "ActiveDirectorySsl": false,
  "IsLinux": true
}
```
Parameters:
- DefaultServer — FQDN name of the server, for example server.domain.local.com
- DefaultDbServer — FQDN name of the database server. Local docker image is used for simplified installation
- DefaultDbUser — database user
- DefaultDbPassword — password of the database user
- IdpAdminSids — Administrator SID from Active Directory
- Database — database type, for simplified installation use pgsql
- EncryptionKey — encryption key. You can use the key specified above.
  Note: It is recommended to generate a new database encryption key using the IndeedPAM.KeyGen.exe utility, located at the path indeed-pam-tools\key-gen
- ActiveDirectoryDomain — DNS name of the domain, for example domain.local.com
- ActiveDirectoryContainerPath — path to Active Directory users, for example DC=indeed,DC=test
- ActiveDirectoryUserName — username for connecting to Active Directory
- ActiveDirectoryPassword — user password for connecting to Active Directory
- ActiveDirectorySsl — this parameter is responsible for selecting a connection via LDAPS
- IsLinux — this parameter is responsible for applying default settings for Linux and Windows systems.
An example of a completed config.json file:
```
{
  "DefaultServer": "pamserver.indeed.local",
  "DefaultDbServer": "pgsql",
  "DefaultDbUser": "admin",
  "DefaultDbPassword": "Q1w2e3r4",
  "IdpAdminSids": [
    "S-1-5-21-2099084505-2851035876-2509165319-1112"
  ],
  "Database": "pgsql",
  "EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5",
  "ActiveDirectoryDomain": "indeed.local",
  "ActiveDirectoryContainerPath": "OU=PAMUsers,DC=indeed,DC=local",
  "ActiveDirectoryUserName": "IPAMADReadOps",
  "ActiveDirectoryPassword": "!Q2w3e$R",
  "ActiveDirectorySsl": false,
  "IsLinux": true
}
```
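A pre-deployment check for the config.json described above, as an added example that is not part of the original page or of the Indeed PAM distribution. It flags template placeholders left unfilled, the sample EncryptionKey and DefaultDbPassword printed on this page, and ActiveDirectorySsl set to false; the function names and the sample input are assumptions made for the illustration.

```python
import json
import re

# Sample secrets printed on this page; they are public, so flag them if still in use.
DOC_ENCRYPTION_KEY = "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5"
DOC_DB_PASSWORD = "Q1w2e3r4"
# Placeholders from the config.json template that must be replaced before deployment.
PLACEHOLDERS = {"TARGET_SERVER_FQDN", "AD_ADMIN_SID", "AD_FQDN", "USER_CONTAINDER_DN",
                "AD_SERVICE_USER_NAME", "AD_SERVICE_USER_PASSWORD"}

def strip_comments(text):
    """Drop // comments outside JSON strings (the template on this page uses them)."""
    return re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', lambda m: m.group(1) or "", text)

def audit_config(text):
    """Return findings (list of str) for the text of a config.json."""
    cfg = json.loads(strip_comments(text))
    findings = []
    for key, value in cfg.items():
        for item in value if isinstance(value, list) else [value]:
            if isinstance(item, str) and item in PLACEHOLDERS:
                findings.append(f"{key}: placeholder {item} was not replaced")
    if cfg.get("EncryptionKey") == DOC_ENCRYPTION_KEY:
        findings.append("EncryptionKey: sample key from the documentation is in use")
    if cfg.get("DefaultDbPassword") == DOC_DB_PASSWORD:
        findings.append("DefaultDbPassword: sample password from the documentation is in use")
    if cfg.get("ActiveDirectorySsl") is False:
        findings.append("ActiveDirectorySsl: LDAPS is not selected for the AD connection")
    return findings

# Constructed sample: a half-edited template, not a real deployment.
SAMPLE_CONFIG = """{
  "DefaultServer": "pamserver.indeed.local",
  "DefaultDbPassword": "Q1w2e3r4",
  "IdpAdminSids": ["AD_ADMIN_SID"], // to be filled out
  "EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5",
  "ActiveDirectoryPassword": "AD_SERVICE_USER_PASSWORD", //to be filled out
  "ActiveDirectorySsl": false
}"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("WARN", finding)
```

An empty result means none of the page's sample values or placeholders remain; it says nothing about the strength of the values that replaced them.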
Installation
- Move the indeed-pam-linux distribution folder to the target Linux resource
- Run the installation script with the command:

  ```bash
  sudo bash run-deploy.sh
  ```

- At the Enter target IP step press Enter
- When prompted, enter your local sudo user name (for example, root) and password
- Wait until the installation is complete