The RoamServer Remote Manager has the following prerequisites:
To install the file, extract the rsrm -<version>-<platform>.zip
file.
rsrm-1.0.3-<build num>-linux.tar.gz
rsrm-1.0.3-<build num>-win32.zip
rsrm-1.0.3-<build num>-win64.zip
Configure the <location>\ipass\RSRM\conf\rsrm.properties
file.
Source | Value |
---|---|
host= | Enter the IP address of the RoamServer |
port= | Default is 577 . |
rsrm.keystore.password= | Default is rsrmpw . |
logLevel= | Enter DEBUG or INFO. |
ldap_host= | Enter the LDAP server IP address |
ldap_port= | Enter the LDAP server port number |
ldap_bind_user= | This configuration will set up a specific domain to be used for binding to the LDAP server, before performing a search operation, such as ou=people,o=example.com |
ldap_bind_password= | This configuration will set a password to be used for binding to the LDAP server before performing a search operation |
Ldap_BaseDn= | Specifies base DNs to be used during LDAP authentication, this will be appended to the search Ldap_SearchFilter for the search operation, such as ou=people,o=example.com |
Ldap_SearchFilter= | The LDAP attribute to which the User ID is mapped. Modify the attribute CN if the user ID is mapped to something else. Enter CN=$USERID . Note: $USERID is a required part of the Ldap_SearchFilter however the customer may want to create a more specific query base on their LDAP configuration. |
Ldap_GroupBaseDn= | Specifies the base DN to be used during an LDAP Group Search. Modify the filter CN=$GROUP,DC=ipass,DC=com appropriately. Note: Do not remove $GROUP in the search filter CN=$GROUP,DC=ipass,DC=com . |
Generate encryption key and certificate:
cd
to the install directory.ipass/RSRM/java/bin/keytool -genkey -alias [keyname] -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "EMAILADDRESS=[admin email address], CN=[server domain name], OU=[companyId:server domain name], O=[company name], ST=[2 letter state code], C=[2 letter country code]" -validity [number of days]
For example:
ipass/RSRM/java/bin/keytool -genkey -alias rsrmsslkey -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "EMAILADDRESS=admin@ipass.com,CN=rsrm.ipass.com, OU=102:rsrm.ipass.com, O=iPass, ST=CA, C=US" -validity 1825
ipass/RSRM/java/bin/keytool -certreq -alias [keyname] -file [cert request file] -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw
For example:
ipass/RSRM/java/bin/keytool -certreq -alias rsrmsslkey -file ssl_cert.pem -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw
mail_cert_req.data
file.Import the signed certificate into keystore:
ipass/RSRM/java/bin/keytool -importcert -alias [keyname] -file [signed cert file] -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -v -trustcacerts
For example:
ipass/RSRM/java/bin/keytool -importcert -alias rsrmsslkey -file signed.pem -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -v -trustcacerts
Start up RoamServer Remote Manager:
cd <location>\ipass\RSRM\bin
.startup
.Run the test script.
testconfig.bat
. testconfig.sh
.
You will be prompted to enter the RSRM server host name (leave it blank and press Enter to accept the default, localhost
) and RSRM server port (leave it blank and press Enter to accept the default, 8080
).
The test script will run four test:
Ping
: Checks to see if the RoamServer Remote Manger server is up. LDAP
: Verifies that the LDAP is configured properly. The LDAP test has two checks: ldap_host
and ldap_port
are correct in the rsrm.properties
file.ldap_bind_user
and ldap_bind_password
are correct in the rsrm.properties
file.Group
: You will be prompted to enter a known valid Group Name and the test will verify whether the Group Search configuration is correct (Ldap_GroupBaseDn
).User
: You will be prompted to enter a known valid username, and the test will verify whether the User Search configuration is correct (Ldap_SearchFilter
).If your RoamServer Remote Manager passes these tests it should be working properly.
The RSRM must be able to communicate with the Open Mobile Portal and the Open Mobile Update Server. For a full list of configuration options please see Required Configurations for Open Mobile Access.
If you have not done so already, submit a ticket with Technical Support to add your RoamServer Remote Manager through the Open Mobile Portal.