RoamServer Remote Manager

Prerequisites

The RoamServer Remote Manager has the following prerequisites:

  • Account with read privileges on the corporate directory (LDAP or AD).
  • X.509 certificate from iPass or a trusted source (like Verisign).
  • Requires use of ports 8080 and 443.
  • Root Access is required on Linux, and Admin Access is required on Windows.

Installation

To install the file, extract the rsrm-<version>-<platform>.zip file.

  • For Linux: rsrm-1.0.3-<build num>-linux.tar.gz
  • For Windows (32-bit): rsrm-1.0.3-<build num>-win32.zip
  • For Windows (64-bit): rsrm-1.0.3-<build num>-win64.zip

Configuration

Configure the <location>\ipass\RSRM\conf\rsrm.properties file.

Source Value
host= Enter the IP address of the RoamServer
port= Default is 577.
rsrm.keystore.password= Default is rsrmpw.
logLevel= Enter DEBUG or INFO.
ldap_host= Enter the LDAP server IP address
ldap_port= Enter the LDAP server port number
ldap_bind_user= Sets the specific domain used for binding to the LDAP server before performing a search operation, such as ou=people,o=example.com
ldap_bind_password= Sets the password used for binding to the LDAP server before performing a search operation.
Ldap_BaseDn= Specifies the base DNs to be used during LDAP authentication. This is appended to the Ldap_SearchFilter for the search operation, such as ou=people,o=example.com
Ldap_SearchFilter= The LDAP attribute to which the User ID is mapped. Modify the attribute CN if the user ID is mapped to something else. Enter CN=$USERID. Note: $USERID is a required part of the Ldap_SearchFilter; however, the customer may want to create a more specific query based on their LDAP configuration.
Ldap_GroupBaseDn= Specifies the base DN to be used during an LDAP Group Search. Modify the filter CN=$GROUP,DC=ipass,DC=com appropriately. Note: Do not remove $GROUP in the search filter CN=$GROUP,DC=ipass,DC=com.
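
A pre-flight check for rsrm.properties, as an added example (not iPass code and not part of the product): it confirms every setting from the table above is present, that the $USERID and $GROUP placeholders survived editing, and that the keystore password is no longer the published default. The sample file contents, the function names and the simplified key=value parsing are assumptions made for illustration.

```python
REQUIRED = ("host", "port", "rsrm.keystore.password", "logLevel", "ldap_host",
            "ldap_port", "ldap_bind_user", "ldap_bind_password", "Ldap_BaseDn",
            "Ldap_SearchFilter", "Ldap_GroupBaseDn")
DEFAULT_KEYSTORE_PW = "rsrmpw"  # default stated in the configuration table
# Constructed sample file; addresses, DNs and passwords are made up.
SAMPLE = """\
host=192.0.2.10
port=577
rsrm.keystore.password=rsrmpw
logLevel=INFO
ldap_host=192.0.2.20
ldap_port=389
ldap_bind_user=cn=rsrm-reader,ou=people,o=example.com
ldap_bind_password=constructed-secret
Ldap_BaseDn=ou=people,o=example.com
Ldap_SearchFilter=CN=jsmith
Ldap_GroupBaseDn=CN=$GROUP,DC=ipass,DC=com
"""

def parse_properties(text):
    """Simplified key=value parser: splits on the first '=' because DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = [f"{k}: missing or empty" for k in REQUIRED if not props.get(k)]
    for key in ("port", "ldap_port"):
        value = props.get(key, "")
        if value and not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
            findings.append(f"{key}: not a valid TCP port")
    if props.get("logLevel") and props["logLevel"] not in ("DEBUG", "INFO"):
        findings.append("logLevel: must be DEBUG or INFO")
    if props.get("rsrm.keystore.password") == DEFAULT_KEYSTORE_PW:
        findings.append("rsrm.keystore.password: still the documented default")
    if props.get("Ldap_SearchFilter") and "$USERID" not in props["Ldap_SearchFilter"]:
        findings.append("Ldap_SearchFilter: required $USERID placeholder is missing")
    if props.get("Ldap_GroupBaseDn") and "$GROUP" not in props["Ldap_GroupBaseDn"]:
        findings.append("Ldap_GroupBaseDn: required $GROUP placeholder is missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```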

Install SSL certificate

Generate encryption key and certificate:

  1. cd to the install directory.
  2. Run the following command to generate your key:
     ipass/RSRM/java/bin/keytool -genkey -alias [keyname] -keystore  ipass/RSRM/conf/security/keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "EMAILADDRESS=[admin email address], CN=[server domain name], OU=[companyId:server domain name], O=[company name], ST=[2 letter state code], C=[2 letter country code]" -validity [number of days] 

    For example:

     ipass/RSRM/java/bin/keytool -genkey -alias rsrmsslkey -keystore  ipass/RSRM/conf/security/keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "EMAILADDRESS=admin@ipass.com,CN=rsrm.ipass.com, OU=102:rsrm.ipass.com, O=iPass, ST=CA, C=US" -validity 1825 
  3. Run the following command to generate the certificate signing request:
     ipass/RSRM/java/bin/keytool -certreq -alias  [keyname] -file [cert request file] -keypass rsrmpw -keystore  ipass/RSRM/conf/security/keystore -storepass rsrmpw 

    For example:

    ipass/RSRM/java/bin/keytool -certreq -alias  rsrmsslkey -file ssl_cert.pem -keypass rsrmpw -keystore  ipass/RSRM/conf/security/keystore -storepass rsrmpw 
  4. Submit the certificate to iPass Tech Support for signing:
    • Log in to the Open Mobile Portal.
    • Click Manage Tickets.
    • In the Create New drop-down list, select Case.
    • Fill out the form requesting a signed RoamServer certificate. For more information on creating a new support case, click here.
    • After Tech Support responds, you may need to send the CSR mail_cert_req.data file.

Import the signed certificate into keystore:

  1. Receive the signed certificate from iPass Tech Support.
  2. Run the following command:
     ipass/RSRM/java/bin/keytool -importcert -alias [keyname] -file [signed cert file] -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -v -trustcacerts 

    For example:

     ipass/RSRM/java/bin/keytool -importcert -alias rsrmsslkey -file signed.pem -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -v -trustcacerts 

Start RoamServer Remote Manager

Start up RoamServer Remote Manager:

  1. Type: cd <location>\ipass\RSRM\bin.
  2. Type: startup.

Test RoamServer Remote Manager

Run the test script.

  • For Windows, use testconfig.bat.
  • For Linux, use testconfig.sh.

You will be prompted to enter the RSRM server host name (leave it blank and press Enter to accept the default, localhost) and RSRM server port (leave it blank and press Enter to accept the default, 8080).

The test script will run four tests:

  1. Ping: Checks to see if the RoamServer Remote Manager server is up.
  2. LDAP: Verifies that the LDAP is configured properly. The LDAP test has two checks:
    • host: Checks if the ldap_host and ldap_port are correct in the rsrm.properties file.
    • authentication: Checks if the ldap_bind_user and ldap_bind_password are correct in the rsrm.properties file.
  3. Group: You will be prompted to enter a known valid Group Name and the test will verify whether the Group Search configuration is correct (Ldap_GroupBaseDn).
  4. User: You will be prompted to enter a known valid username, and the test will verify whether the User Search configuration is correct (Ldap_SearchFilter).

If your RoamServer Remote Manager passes these tests, it should be working properly.

Firewall Configuration

The RSRM must be able to communicate with the Open Mobile Portal and the Open Mobile Update Server. For a full list of configuration options please see Required Configurations for Open Mobile Access.

Technical Support Ticket

If you have not done so already, submit a ticket with Technical Support to add your RoamServer Remote Manager through the Open Mobile Portal.


©2015 iPass Inc. All rights reserved.