Access Manager: Create Additional Connectors - SSH Connector

system
This article is marked as obsolete.

The Directories page is where you can add any additional primary or secondary connectors. From the main page select Add new Connector.


In this section we're going to show how to install a Linux directory server. To add any SSH-based connector, SSH must be running on the server and the root account must be able to log in over SSH. Just as with Active Directory, Access Manager requires admin/root access to the directory server.


Locate Connector
From the discovery wizard, Access Manager should be able to locate your server. If not, simply select Configure Manually, then select the SSH Scripts Connector from the Connector Type dropdown and press Next.

 

Configure Connector
Settings:

  • Name: a reference name for the new connector. This will be used as part of the username when a user is logging in, with the format username@Name / Name\username, so make sure this is something your end users are comfortable with
  • Usage: whether this is a primary or secondary connector. A primary connector can be used to log in with but cannot be linked to, whereas secondary connectors can be linked with accounts in a primary connector, allowing for central identity management. By default this will be secondary. NOTE: This value cannot be changed later
  • Hostname: hostname of the server
  • Port: this defaults to port 22, the SSH port; if yours differs, set it here
  • Password or private key: authentication is required for the root user, either via a password or a private key
  • Proxy server: if you have a proxy server in between then
  • OS: this defines which operating system your end directory server is running. Currently supported versions are:
      • Generic: Linux suitable for most Linux distributions
      • Solaris: for Solaris server
      • SolarisNIS: for Solaris running NIS
      • SolarisKerberosNIS: for Solaris running Kerberos and NIS to manage user account administration
      • Custom Script: if your version is not supported you can create your own custom script for it
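
A pre-flight check for the Port and "Password or private key" settings above, as an added example that is not part of the original article or the product. The hypothetical `root_ssh_modes` function reads the output of `sshd -T` (assumed to be OpenSSH on the directory server) and reports which root authentication options the connector could use; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not vendor code). Feed it the effective sshd configuration,
# i.e. the output of `sshd -T` run as root on the directory server.
# Assumes OpenSSH; only PasswordAuthentication and PubkeyAuthentication are
# considered (keyboard-interactive/PAM prompts are not).
root_ssh_modes() {
    awk '
        { k = tolower($1); v = tolower($2) }
        k == "port"                   { port = $2 }
        k == "permitrootlogin"        { root = v }
        k == "passwordauthentication" { pw = v }
        k == "pubkeyauthentication"   { pk = v }
        END {
            # OpenSSH defaults when a keyword is absent from the input
            if (port == "") port = 22
            if (root == "") root = "prohibit-password"
            if (pw == "") pw = "yes"
            if (pk == "") pk = "yes"
            # Both spellings mean: root may log in, but not with a password
            key_only = (root == "prohibit-password" || root == "without-password")
            # forced-commands-only cannot run arbitrary connector scripts
            if (root == "no" || root == "forced-commands-only")
                modes = "none"
            else if (pk == "yes" && pw == "yes" && !key_only)
                modes = "password,key"
            else if (pk == "yes")
                modes = "key"
            else if (pw == "yes" && !key_only)
                modes = "password"
            else
                modes = "none"
            printf "port=%s root_auth=%s\n", port, modes
        }'
}

# Constructed sample: key-only root login on a non-default port.
sample_sshd_T() {
    printf '%s\n' 'port 2222' 'permitrootlogin without-password' \
        'passwordauthentication yes' 'pubkeyauthentication yes'
}

sample_sshd_T | root_ssh_modes   # port=2222 root_auth=key
```

On a real server, run `sshd -T | root_ssh_modes` as root; a result of `root_auth=key` means the connector must be configured with a private key rather than a password.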

 

SolarisKerberosNIS
The ideal setup for this connector is for your host Solaris machine to run both the NIS master and a Kerberos master/slave; you will get the full feature set this way. If that is not possible, you can run a NIS slave and Kerberos master/slave, but account creation is not supported in this setup.


An additional tab becomes available, as shown below, allowing you to set up Kerberos:
• Kerberos realm: this is only needed if the Kerberos realm is not the same as the NIS domain in upper case
• Kerberos admin: this is required for setting passwords and retrieving account details. The account can be one of the following:
  • If, from a normal SSH client, you can log in over SSH as root and run "kadmin" without providing any password, then you do not need to provide anything here.
  • If it does ask for a password and the principal it chooses exists, then you can enter that principal name and password in the NAM configuration.
  • If there is no admin Kerberos principal set up, then you can set one up specifically for NAM. Call this something like nam/admin@YOUR.DOMAIN.COM and configure the connector to use this. The admin principal can be restricted to a user in the Kerberos ACL list.


Finish Installation
Once the connector has been set up, Access Manager will attempt to connect to the server. If everything went OK, you will get a success message and your directory will be visible from the Directories page again, as shown below.


A primary connector is denoted by the * icon against it. The connector settings can be changed as before by expanding the Configuration section.