This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
roamserver_remote_manager [2014/01/08 01:00]
cpanell [Prerequisites]
roamserver_remote_manager [2014/01/08 01:03] (current)
cpanell [Configuration]
Line 1: Line 1:
 +====== RoamServer Remote Manager ======
 +===== Prerequisites =====
 +The RoamServer Remote Manager has the following prerequisites:​
 +  * Account with read privileges on the corporate directory (LDAP or AD).
 +  * x.509 certificate from iPass or a trusted source (like Verisign). ​
 +  * Requires use of ports 8080 and 443. 
 +  * Root Access is required on Linux, and Admin Access is required on Windows.
 +===== Installation =====
 +To install the file, extract the ''​rsrm -<​version>​-<​platform>​.zip''​ file. 
 +  * **For Linux:** ''​rsrm-1.0.3-<​build num>​-linux.tar.gz''​
 +  * **For Windows (32-bit):** ''​rsrm-1.0.3-<​build num>​-win32.zip''​
 +  * **For Windows (64-bit):** ''​rsrm-1.0.3-<​build num>​-win64.zip''​
 +===== Configuration =====
 +Configure the ''<​location>​\ipass\RSRM\conf\rsrm.properties''​ file.
 +^ Source ^ Value ^
 +| ''​host=''​ | Enter the IP address of the RoamServer |
 +| ''​port=''​ | Default is ''​577''​. |
 +| ''​rsrm.keystore.password=''​ | Default is ''​rsrmpw''​. |
 +| ''​logLevel=''​ | Enter DEBUG or INFO. |
 +| ''​ldap_host=''​ | Enter the LDAP server IP address |
 +| ''​ldap_port=''​ | Enter the LDAP server port number |
 +| ''​ldap_bind_user=''​ | This configuration will set up a specific domain to be used for binding to the LDAP server, before performing a search operation, such as ''​ou=people,​o=example.com''​ |
 +| ''​ldap_bind_password=''​ | This configuration will set a password to be used for binding to the LDAP server before performing a search operation | 
 +| ''​Ldap_BaseDn=''​ | Specifies base DNs to be used during LDAP authentication,​ this will be appended to the search Ldap_SearchFilter for the search operation, such as ''​ou=people,​o=example.com''​ |
 +| ''​Ldap_SearchFilter=''​ | The LDAP attribute to which the User ID is mapped. Modify the attribute ''​CN''​ if the user ID is mapped to something else. Enter ''​CN=$USERID''​. **Note:** ''​$USERID''​ is a required part of the ''​Ldap_SearchFilter''​ however the customer may want to create a more specific query base on their LDAP configuration. | 
 +| ''​Ldap_GroupBaseDn=''​ | Specifies the base DN to be used during an LDAP Group Search. Modify the filter ''​CN=$GROUP,​DC=ipass,​DC=com''​ appropriately. **Note:** Do not remove $GROUP in the search filter ''​CN=$GROUP,​DC=ipass,​DC=com''​. |
 +===== Install SSL certificate =====
 +**Generate encryption key and certificate:​**
 +  - ''​cd''​ to the install directory.
 +  - Run the following command to generate your key: <​code>​ ipass/​RSRM/​java/​bin/​keytool -genkey -alias [keyname] -keystore ​ ipass/​RSRM/​conf/​security/​keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "​EMAILADDRESS=[admin email address], CN=[server domain name], OU=[companyId:​server domain name], O=[company name], ST=[2 letter state code], C=[2 letter country code]" -validity [number of days] </​code>​ For example: <​code>​ ipass/​RSRM/​java/​bin/​keytool -genkey -alias rsrmsslkey -keystore ​ ipass/​RSRM/​conf/​security/​keystore -storepass rsrmpw -keypass rsrmpw -keyalg RSA -dname "​EMAILADDRESS=admin@ipass.com,​CN=rsrm.ipass.com,​ OU=102:​rsrm.ipass.com,​ O=iPass, ST=CA, C=US" -validity 1825 </​code>​
 +  - Run the following command to genereate certificate signing request: <​code>​ ipass/​RSRM/​java/​bin/​keytool -certreq -alias ​ [keyname] -file [cert request file] -keypass rsrmpw -keystore ​ ipass/​RSRM/​conf/​security/​keystore -storepass rsrmpw </​code>​ For example: <​code>​
 +ipass/​RSRM/​java/​bin/​keytool -certreq -alias ​ rsrmsslkey -file ssl_cert.pem -keypass rsrmpw -keystore ​ ipass/​RSRM/​conf/​security/​keystore -storepass rsrmpw </​code>​
 +  - Submit the certificate to iPass Tech Support for signing:
 +    * Log in to the [[https://​openmobile.ipass.com|Open Mobile Portal]].
 +    * Click **Manage Tickets**.
 +    * In the **Create New** drop-down list, select **Case**.
 +    * Fill out the form requesting a signed RoamServer certificate. For more information on creating a new support case, click [[tickets#​creating_a_new_ticket|here]].
 +    * After Tech Support responds, you may need to send the CSR ''​mail_cert_req.data''​ file.
 +**Import the signed certificate into keystore:**
 +  - Receive the signed certificate from iPass Tech Support.
 +  - Run the following command: <​code>​ ipass/​RSRM/​java/​bin/​keytool -importcert -alias [keyname] -file [signed cert file] -keypass rsrmpw -keystore ipass/​RSRM/​conf/​security/​keystore -storepass rsrmpw -v -trustcacerts </​code>​ For example: <​code>​ ipass/​RSRM/​java/​bin/​keytool -importcert -alias rsrmsslkey -file signed.pem -keypass rsrmpw -keystore ipass/​RSRM/​conf/​security/​keystore -storepass rsrmpw -v -trustcacerts </​code>​
 +===== Start RoamServer Remote Manager =====
 +**Start up RoamServer Remote Manager:**
 +  - Type: ''​cd <​location>​\ipass\RSRM\bin''​.
 +  - Type: ''​startup''​.
 +===== Test RoamServer Remote Manager =====
 +Run the test script. ​
 +  *For Windows, use ''​testconfig.bat''​. ​
 +  *For Linux, use ''​testconfig.sh''​.
 +You will be prompted to enter the RSRM server host name (leave it blank and press Enter to accept the default, ''​localhost''​) and RSRM server port (leave it blank and press Enter to accept the default, ''​8080''​).
 +The test script will run four test:
 +  - ''​Ping'':​ Checks to see if the RoamServer Remote Manger server is up. 
 +  - ''​LDAP'':​ Verifies that the LDAP is configured properly. The LDAP test has two checks: ​
 +    * //host//: Checks if the ''​ldap_host''​ and ''​ldap_port''​ are correct in the ''​rsrm.properties''​ file.
 +    * //​authentication//:​ Checks if the ''​ldap_bind_user''​ and ''​ldap_bind_password''​ are correct in the ''​rsrm.properties''​ file.
 +  - ''​Group'':​ You will be prompted to enter a known valid Group Name and the test will verify whether the Group Search configuration is correct (''​Ldap_GroupBaseDn''​).
 +  - ''​User'':​ You will be prompted to enter a known valid username, and the test will verify whether the User Search configuration is correct (''​Ldap_SearchFilter''​).
 +If your RoamServer Remote Manager passes these tests it should be working properly.
 +===== Firewall Configuration =====
 +The RSRM must be able to communicate with the [[required_configurations_for_open_mobile_access#​Open_Mobile_Portal|Open Mobile Portal]] and the [[required_configurations_for_open_mobile_access#​Open_Mobile_Update_Server|Open Mobile Update Server]]. For a full list of configuration options please see [[Required Configurations for Open Mobile Access]].
 +===== Technical Support Ticket =====
 +If you have not done so already, [[tickets|submit a ticket]] with Technical Support to add your RoamServer Remote Manager through the Open Mobile Portal. ​
 +Go to: [[general_group_subscription_process|Subscription Management Feature]]

©2015 iPass Inc. All rights reserved. Terms of Use