Preparation

Before you begin the installation, please read the preparation for installation section.

Certificates

Certificate of Certification Authority

Move the CA certificate to the distribution along the path:

axidian-pam-linux\state\ca-certificates

Server Certificate

Move the server certificate to the distribution along the path:

axidian-pam-linux\state\certs

vars

1. Go to the folder axidian-pam-linux\scripts\ansible and open the file vars.yml.
2. Find the line # pfx_pass: "ENTER_HERE" and delete the # symbol.
3. Instead of ENTER_HERE, specify the password for the server certificate and save the changes.

Flat Configuration File

1. Go to the distribution folder.
2. Change the config.json.template file extension from template to json.
3. Make sure the file name is config.json.

Fill in the indicated fields in the configuration file:

{
  "DefaultServer": "TARGET_SERVER_FQDN", //to be filled out
  "DefaultDbServer": "pgsql",
  "DefaultDbUser": "admin",
  "DefaultDbPassword": "Q1w2e3r4",
  "IdpAdminSids": [
    "AD_ADMIN_SID" // to be filled out
  ],
  "Database": "pgsql",
  "EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5", //to be filled out
  "ActiveDirectoryDomain": "AD_FQDN", //to be filled out
  "ActiveDirectoryContainerPath": "USER_CONTAINER_DN", //to be filled out
  "ActiveDirectoryUserName": "AD_SERVICE_USER_NAME", //to be filled out
  "ActiveDirectoryPassword": "AD_SERVICE_USER_PASSWORD", //to be filled out
  "ActiveDirectorySsl": false,
  "IsLinux": true
}

Parameters:

• DefaultServer — FQDN of the server, for example server.domain.local.com
• DefaultDbServer — FQDN of the database server, e.g. server.domain.local.com. To install a local docker image on a pilot, you need to specify pgsql.
• DefaultDbUser — database user
• DefaultDbPassword — password of the database user
• IdpAdminSids — Administrator SID from Active Directory
• Database — database type, for simplified installation use pgsql

• EncryptionKey — encryption key. You can use the key specified above.

  It is recommended to generate a new database encryption key using the IndeedPAM.KeyGen.exe utility, located at the path indeed-pam-tools\key-gen

  
  

• ActiveDirectoryDomain — DNS name of the domain, for example domain.local.com
• ActiveDirectoryContainerPath — path to Active Directory users, for example DC=indeed,DC=test
• ActiveDirectoryUserName — username for connecting to Active Directory
• ActiveDirectoryPassword — user password for connecting to Active Directory
• ActiveDirectorySsl — this parameter is responsible for selecting a connection via LDAPS
• IsLinux — this parameter is responsible for applying default settings for Linux and Windows systems.

An example of a completed config.json file:

{
  "DefaultServer": "pamserver.indeed.local",
  "DefaultDbServer": "pgsql",
  "DefaultDbUser": "admin",
  "DefaultDbPassword": "Q1w2e3r4",
  "IdpAdminSids": [
    "S-1-5-21-2099084505-2851035876-2509165319-1112"
  ],
  "Database": "pgsql",
  "EncryptionKey": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5", 
  "ActiveDirectoryDomain": "indeed.local",
  "ActiveDirectoryContainerPath": "OU=PAMUsers,DC=indeed,DC=local",
  "ActiveDirectoryUserName": "IPAMADReadOps",
  "ActiveDirectoryPassword": "!Q2w3e$R",
  "ActiveDirectorySsl": false,
  "IsLinux": true
}

Installation

1. Move the indeed-pam-linux distribution folder to the target Linux resource

2. If CIS Benchmark Docker security settings are applied, then run the installation script with the command:

   sudo bash run-deploy.sh

   If CIS Benchmark Docker security settings are not applied, then run the installation script with the command:

   sudo bash run-deploy.sh -bench-skip

   
   

3. At the Enter target IP step press Enter
4. When prompted, enter your local sudo user name (for example, root) and password
5. Wait until the installation is complete