This shows you the differences between two versions of the page.
roamserver_remote_manager [2014/01/08 01:00] cpanell [Prerequisites] |
roamserver_remote_manager [2014/01/08 01:03] (current) cpanell [Configuration] |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== RoamServer Remote Manager ====== | ||
+ | ===== Prerequisites ===== | ||
+ | The RoamServer Remote Manager has the following prerequisites: | ||
+ | * Account with read privileges on the corporate directory (LDAP or AD). | ||
+ | * x.509 certificate from iPass or a trusted source (like Verisign). | ||
+ | * Requires use of ports 8080 and 443. | ||
+ | * Root Access is required on Linux, and Admin Access is required on Windows. | ||
+ | ===== Installation ===== | ||
+ | |||
+ | To install the file, extract the ''rsrm -<version>-<platform>.zip'' file. | ||
+ | * **For Linux:** ''rsrm-1.0.3-<build num>-linux.tar.gz'' | ||
+ | * **For Windows (32-bit):** ''rsrm-1.0.3-<build num>-win32.zip'' | ||
+ | * **For Windows (64-bit):** ''rsrm-1.0.3-<build num>-win64.zip'' | ||
+ | ===== Configuration ===== | ||
+ | |||
+ | Configure the ''<location>\ipass\RSRM\conf\rsrm.properties'' file. | ||
+ | |||
+ | ^ Source ^ Value ^ | ||
+ | | ''host='' | Enter the IP address of the RoamServer | | ||
+ | | ''port='' | Default is ''577''. | | ||
+ | | ''rsrm.keystore.password='' | Default is ''rsrmpw''. | | ||
+ | | ''logLevel='' | Enter DEBUG or INFO. | | ||
+ | | ''ldap_host='' | Enter the LDAP server IP address | | ||
+ | | ''ldap_port='' | Enter the LDAP server port number | | ||
+ | | ''ldap_bind_user='' | This configuration will set up a specific domain to be used for binding to the LDAP server, before performing a search operation, such as ''ou=people,o=example.com'' | | ||
+ | | ''ldap_bind_password='' | This configuration will set a password to be used for binding to the LDAP server before performing a search operation | | ||
+ | | ''Ldap_BaseDn='' | Specifies base DNs to be used during LDAP authentication, this will be appended to the search Ldap_SearchFilter for the search operation, such as ''ou=people,o=example.com'' | | ||
+ | | ''Ldap_SearchFilter='' | The LDAP attribute to which the User ID is mapped. Modify the attribute ''CN'' if the user ID is mapped to something else. Enter ''CN=$USERID''. **Note:** ''$USERID'' is a required part of the ''Ldap_SearchFilter'' however the customer may want to create a more specific query base on their LDAP configuration. | | ||
+ | | ''Ldap_GroupBaseDn='' | Specifies the base DN to be used during an LDAP Group Search. Modify the filter ''CN=$GROUP,DC=ipass,DC=com'' appropriately. **Note:** Do not remove $GROUP in the search filter ''CN=$GROUP,DC=ipass,DC=com''. | | ||
+ | |||
+ | ===== Install SSL certificate ===== | ||
+ | |||
+ | **Generate encryption key and certificate:** | ||
+ | - ''cd'' to the install directory. | ||
+ | - Run the following command to generate your key: <code> ipass/RSRM/java/bin/keytool -genkey -alias [keyname] -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "EMAILADDRESS=[admin email address], CN=[server domain name], OU=[companyId:server domain name], O=[company name], ST=[2 letter state code], C=[2 letter country code]" -validity [number of days] </code> For example: <code> ipass/RSRM/java/bin/keytool -genkey -alias rsrmsslkey -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "EMAILADDRESS=admin@ipass.com,CN=rsrm.ipass.com, OU=102:rsrm.ipass.com, O=iPass, ST=CA, C=US" -validity 1825 </code> | ||
+ | - Run the following command to genereate certificate signing request: <code> ipass/RSRM/java/bin/keytool -certreq -alias [keyname] -file [cert request file] -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw </code> For example: <code> | ||
+ | ipass/RSRM/java/bin/keytool -certreq -alias rsrmsslkey -file ssl_cert.pem -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw </code> | ||
+ | - Submit the certificate to iPass Tech Support for signing: | ||
+ | * Log in to the [[https://openmobile.ipass.com|Open Mobile Portal]]. | ||
+ | * Click **Manage Tickets**. | ||
+ | * In the **Create New** drop-down list, select **Case**. | ||
+ | * Fill out the form requesting a signed RoamServer certificate. For more information on creating a new support case, click [[tickets#creating_a_new_ticket|here]]. | ||
+ | * After Tech Support responds, you may need to send the CSR ''mail_cert_req.data'' file. | ||
+ | |||
+ | **Import the signed certificate into keystore:** | ||
+ | - Receive the signed certificate from iPass Tech Support. | ||
+ | - Run the following command: <code> ipass/RSRM/java/bin/keytool -importcert -alias [keyname] -file [signed cert file] -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -v -trustcacerts </code> For example: <code> ipass/RSRM/java/bin/keytool -importcert -alias rsrmsslkey -file signed.pem -keypass rsrmpw -keystore ipass/RSRM/conf/security/keystore -storepass rsrmpw -v -trustcacerts </code> | ||
+ | ===== Start RoamServer Remote Manager ===== | ||
+ | |||
+ | **Start up RoamServer Remote Manager:** | ||
+ | - Type: ''cd <location>\ipass\RSRM\bin''. | ||
+ | - Type: ''startup''. | ||
+ | |||
+ | ===== Test RoamServer Remote Manager ===== | ||
+ | |||
+ | Run the test script. | ||
+ | *For Windows, use ''testconfig.bat''. | ||
+ | *For Linux, use ''testconfig.sh''. | ||
+ | |||
+ | You will be prompted to enter the RSRM server host name (leave it blank and press Enter to accept the default, ''localhost'') and RSRM server port (leave it blank and press Enter to accept the default, ''8080''). | ||
+ | |||
+ | The test script will run four test: | ||
+ | - ''Ping'': Checks to see if the RoamServer Remote Manger server is up. | ||
+ | - ''LDAP'': Verifies that the LDAP is configured properly. The LDAP test has two checks: | ||
+ | * //host//: Checks if the ''ldap_host'' and ''ldap_port'' are correct in the ''rsrm.properties'' file. | ||
+ | * //authentication//: Checks if the ''ldap_bind_user'' and ''ldap_bind_password'' are correct in the ''rsrm.properties'' file. | ||
+ | - ''Group'': You will be prompted to enter a known valid Group Name and the test will verify whether the Group Search configuration is correct (''Ldap_GroupBaseDn''). | ||
+ | - ''User'': You will be prompted to enter a known valid username, and the test will verify whether the User Search configuration is correct (''Ldap_SearchFilter''). | ||
+ | |||
+ | If your RoamServer Remote Manager passes these tests it should be working properly. | ||
+ | |||
+ | ===== Firewall Configuration ===== | ||
+ | |||
+ | The RSRM must be able to communicate with the [[required_configurations_for_open_mobile_access#Open_Mobile_Portal|Open Mobile Portal]] and the [[required_configurations_for_open_mobile_access#Open_Mobile_Update_Server|Open Mobile Update Server]]. For a full list of configuration options please see [[Required Configurations for Open Mobile Access]]. | ||
+ | |||
+ | ===== Technical Support Ticket ===== | ||
+ | |||
+ | If you have not done so already, [[tickets|submit a ticket]] with Technical Support to add your RoamServer Remote Manager through the Open Mobile Portal. | ||
+ | |||
+ | Go to: [[general_group_subscription_process|Subscription Management Feature]] | ||
+ | |||
+ | {{tag>rsrm}} |
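Review bot: every keytool command under "Install SSL certificate" hard-codes ''-storepass rsrmpw -keypass rsrmpw'', the same value the Configuration table gives as the default for ''rsrm.keystore.password'', so an installation that follows the page verbatim protects its TLS private key with a password published in the documentation. Suggest writing the commands with a placeholder such as ''[keystore password]'', telling the reader to set a site-specific value and keep it in step with ''rsrm.keystore.password'', and leaving the password options off the command line so keytool prompts for them instead of recording them in shell history. In the same section, the ''-genkey'' step gives no ''-keysize'', so the RSA key length is whatever the bundled keytool defaults to; state it explicitly. Step 4 says "Submit the certificate" where the certificate signing request is meant, and its last bullet names the CSR file ''mail_cert_req.data'' while the example command writes ''ssl_cert.pem''; use one file name throughout. The ''ldap_bind_user'' row describes the value as a "domain" although the example is a bind DN, and the page should note that ''ldap_bind_password'' sits in ''rsrm.properties'' in clear text, so the file needs restrictive permissions and the bind account should keep only the read privileges listed under Prerequisites. Typos to fix before publishing: "genereate", "Manger", "four test".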