Previous Topic: Verify that the UNIX Computer Name Resolves CorrectlyNext Topic: Manage UNAB with CA ControlMinder Enterprise Management


UNAB Installation Parameters File—Customize UNAB Installation

The UNAB parameters file contains installation parameters that you can customize for your requirements.

This file has the following format:

AUDIT_BK

Specifies whether to keep time stamped backups of the audit file.

Note: Set the value to yes if you want to send audit data to the Distribution Server. If you set the value to yes, CA ControlMinder backs up the audit file when it reaches the size limit specified by the audit_size configuration settings and time stamps the file. This ensures that all audit data is available to the Report Agent.

Limits: yes, no

Default: no

COMPUTERS_CONTAINER

Defines the container name in the Active Directory under which the UNIX computer is registered.

Default: cn=Computers

DIST_SRV_HOST

Specifies the Distribution Server host name.

Limits: any valid host name.

Default: none

DIST_SRV_PORT

Specifies the Distribution Server port number.

Limits: SSL: 7243, TCP: 7222

Default: 7243

DIST_SRV_PROTOCOL

Specifies the Distribution Server communication protocol.

Limits: tcp, ssl

Default: ssl

ENABLE_ELM

Specifies whether the Report Agent sends endpoint audit data to the Distribution Server. This lets you integrate with CA User Activity Reporting.

Note: If you set the value to yes, set CA ControlMinder to keep audit backups (AUDIT_BK=yes).

Limits: yes, no

Default: no

GROUP_CONTAINER

Defines the name of the Active Directory container that holds the definitions of UNIX groups.

IGNORE_DC_LIST

Specifies which Active Directory Domain Controllers UNAB ignores when establishing LDAP connection.

Note: You can specify Domain Controllers from both the current and trusted domains.

Limits: none, comma separated list

Default: none

IGNORE_DOMAIN_LIST

Specifies which Active Directory domains UNAB ignores when querying for users and groups.

Limits: none, UNAB queries the current and all trusted domains; all, UNAB queries only the current domain; a comma separated list of domains to ignore

Default: none

IGNORE_USER_CONTAINER

Specifies the user containers to ignore when searching Active Directory.

Containers are defined by their distinguished names (DN) separated by semicolon. If the container DN does not contain domains names, it is applied to all queried domains.

Limits: list of container DN separated by semicolon, none

Default: none

IGNORE_GROUP_CONTAINER

Specifies the group containers to ignore when searching Active Directory.

Containers are defined by their distinguished names (DN) separated by semicolon. If the container DN does not contain domains names, it is applied to all queried domains.

Limits: list of container DN separated by semicolon, none

Default: none

INTEGRATION_MODE

Specifies the UNAB integration mode.

Limits: 1, partial integration; 2, full integration

Default: 2

JAVA_HOME

(Linux s390) Specifies the full pathname to the installed Java environment, depending on the Java version and operating system.

Specify this parameter only if the Java environment is not installed in the default location. If the Java environment is installed in the default location, the installation program sets the value of this parameter.

LANG

Specifies the installation language.

LIC_CMD

Specifies the license acceptance command.

LOCAL_POLICY

Specifies the login policy usage options.

Limits: yes, use UNAB policy and local login file, no, use UNAB login policy only.

Default: no

LOOKUP_DC_LIST

Specifies the Active Directory Domain Controllers (DCs) to establish LDAP connection with.

Note: You can specify DCs from both the current and trusted domains. If you specify the DCs to use, UNAB retrieves the list of DCs from Active Directory. If you do not specify the DCs to use, UNAB discovers the Active Directory site that is closest to the physical location of the endpoint and communicates with DCs in the discovered site.

Limits: none, comma separated list.

Default: none

NTP_SRV

Defines the name or IP address of the Network Time Protocol (NTP) server.

REPORT_SHARED_SECRET

Specify the shared secret that the Report Agent uses to authenticate against the Distribution Server.

Limits: Any valid string.

Default: none

Note: You must specify the same shared secret that you defined when you installed the Distribution Server.

REPORT_SRV_QNAME

Specifies the name of the queue that snapshots are sent to.

Limits: A string representing the queue name.

Default: queue/snapshots

REPORT_SRV_SCHEDULE

Defines when the Report Agent generates reports and sends them to the Distribution Server.

This token uses the following format: time@day[,day2] [...]

Default: 00:00@Sun,Mon,Tue,Wed,Thu,Fri,Sat

RENAME_KRB_TKT

Specifies whether to rename the Kerberos ticket that was generated during user login.

Note: Use this option to support SSO login if the user Kerberos ticket name consists of random strings.When enabled this token the script /etc/profile.d/uxauth_rename_krb_tkt.sh renames the user ticket and set the corresponding value of environment variable KRB5CCNAME.

Limits: yes, no

Default: no

SSO

Specifies whether UNAB supports Kerberos-based Single Sign On (SSO)

Limits: yes, no

Default: no

TIME_SYNCH

Specifies whether UNAB synchronizes system time with an NTP (Network Time Protocol) server.

Note: If you set this value to yes, you must specify a value for the NTP_SRV token. If you set this value to no, UNAB uses the UNIX mechanism for system time that is defined in /etc/ntp.conf.

Limits: yes, no

Default: no

USER CONTAINER

Defines the Active Directory container name holding the definitions of UNIX users.

UXACT_ADMINISTRATOR

Defines the user name of the Active Directory administrator.

UXACT_ADMIN_PASSWORD

Defines the account password of the Active Directory administrator.

UXACT_DOMAIN

Defines the domain that the UNIX computer is part of.

UXACT_RUN

Specifies whether to execute the uxconsole -register command during installation.

Limits: yes, no

Default: no

Note: The uxconsole -register command registers the UNIX computer in the Active Directory server under the Computers container.

UXACT_RUN_AGENT

Specifies whether to start UNAB daemon at the end of the installation process.

Limits: yes, no

Default:yes

UXACT_SERVER

Defines the name of the Active Directory server.

UXACT_VERB_LEVEL

Defines the verbosity level.

Limits: 0-7