| Warning | ||
|---|---|---|
| ||
With this type of installation you will install the components of management server and access server (SSH-Proxy or RDP-Proxy) on the one server. |
Preparation
Before you begin the installation, please read the preparation for installation section.
Certificates
Certificate of Certification Authority
Move the CA certificate to the distribution along the path:
indeed-pam-linux\state\ca-certificates
Server Certificate
Move the server certificate to the distribution along the path:
indeed-pam-linux\state\certs
vars
- Go to the folder
indeed-pam-linux\scripts\ansibleand open the filevars.yml. - Find the line # pfx_pass: "ENTER_HERE" and delete the # symbol.
- Instead of ENTER_HERE, specify the password for the server certificate and save the changes.
Flat Configuration File
Rename the config.json.template file to config.json.
Fill in the appropriate fields in the flat config file config.json along the path indeed-pam-linux:
| Code Block |
|---|
{
"DefaultServer": "TARGET_SERVER_FQDN", //to be filled out
"DefaultDbServer": "pgsql",
"DefaultDbUser": "admin",
"DefaultDbPassword": "Q1w2e3r4",
"IdpAdminSids": [
"AD_ADMIN_SID" // to be filled out
],
"Database": "pgsql",
"EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5", //к заполнению
"ActiveDirectoryDomain": "AD_FQDN", //to be filled out
"ActiveDirectoryContainerPath": "USER_CONTAINDER_DN", //to be filled out
"ActiveDirectoryUserName": "AD_SERVICE_USER_NAME", //to be filled out
"ActiveDirectoryPassword": "AD_SERVICE_USER_PASSWORD", //to be filled out
"ActiveDirectorySsl": false,
"IsLinux": true
} |
Parameters:
- DefaultServer — FQDN name of the server, for example server.domain.local.com
- DefaultDbServer — FQDN name of the database server. Local docker image is used for simplified installation
- DefaultDbUser — database user
- DefaultDbPassword — password of the database user
- IdpAdminSids — Administrator SID from Active Directory
- Database — database type, for simplified installation use pgsql
EncryptionKey — encryption key. You can use the key specified above.
Note It is recommended to generate a new database encryption key using the IndeedPAM.KeyGen.exe utility, located at the path indeed-pam-tools\key-gen
- ActiveDirectoryDomain — DNS name of the domain, for example domain.local.com
- ActiveDirectoryContainerPath — path to Active Directory users, for example DC=indeed,DC=test
- ActiveDirectoryUserName — username for connecting to Active Directory
- ActiveDirectoryPassword — user password for connecting to Active Directory
- ActiveDirectorySsl — this parameter is responsible for selecting a connection via LDAPS
- IsLinux — this parameter is responsible for applying default settings for Linux and Windows systems.
An example of a completed config.json file:
| Code Block |
|---|
{
"DefaultServer": "pamserver.indeed.local",
"DefaultDbServer": "pgsql",
"DefaultDbUser": "admin",
"DefaultDbPassword": "Q1w2e3r4",
"IdpAdminSids": [
"S-1-5-21-2099084505-2851035876-2509165319-1112"
],
"Database": "pgsql",
"EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5",
"ActiveDirectoryDomain": "indeed.local",
"ActiveDirectoryContainerPath": "OU=PAMUsers,DC=indeed,DC=local"",
"ActiveDirectoryUserName": "IPAMADReadOps",
"ActiveDirectoryPassword": "!Q2w3e$R",
"ActiveDirectorySsl": false,
"IsLinux": true
} |
Installation
- Move the indeed-pam-linux distribution folder to the target Linux resource
Run the installation script with the command
Code Block language bash sudo bash run-deploy.sh
- At the Enter target IP step press Enter
- When prompted, enter your local sudo user name (for example, root) and password
- Wait until the installation is complete
| Info |
|---|
If the script aborted with an error, send the log file to technical support. |
| Divbox | ||||
|---|---|---|---|---|
| ||||
|