Valid on UNIX
The uxpreinstall utility verifies that a UNIX endpoint complies with UNAB system requirements. uxpreinstall performs the following checks:
If the uxpreinstall utility finds a critical error that means it cannot perform subsequent checks, the utility stops immediately.
After uxpreinstall runs, it displays the result of the checks. Any errors or conflicts in the uxpreinstall output are issues that may cause UNAB operational problems, for example, user authentication failure. We strongly recommend that you resolve any errors or conflicts that uxpreinstall identifies before you activate and use UNAB.
Important! The uxpreinstall utility informs you of real or potential problems but does not correct them. You cannot use the utility to configure the operating system or UNAB.
You can run uxpreinstall before or after you install UNAB. If you run uxpreinstall before you install UNAB, the utility creates a temporary Kerberos file and checks the configuration of the Kerberos file instead of the uxauth.ini configuration. If you run uxpreinstall after you install UNAB, the utility does not create the temporary Kerberos file. Instead, it checks the value of the lookup_dc_list token in the [ad] section of the uxauth.ini file.
Note: To run uxpreinstall before you install UNAB, copy the utility from another endpoint on which UNAB is installed.
The following sections of the uxpreinstall output check if the endpoint configuration lets UNAB users use Kerberized SSO login. If you do not want to enable SSO logins for UNAB users, you can ignore any information in these sections:
Note: For more information about using uxpreinstall to check system compliance, see the Implementation Guide.
This command has the following format:
uxpreinstall [-a user] [-w passwd] [-n ntp_server] [{-d domain | -s server}] [-p port] [-f logfile] [-force] [-v level] [-l] [-h]
Defines the user account to use to log in to Active Directory.
Default: Administrator
Defines the password for the user account.
Defines the name of the Network Time Server (NTP).
Defines the domain name where the Active Directory is installed.
Defines the name of the Active Directory server.
Defines the port number on which Active Directory listens.
Defines the name of the log file to use.
Specifies to force continue the system compliance check regardless of errors
Defines the verbosity level of uxpreinstall output.
Options:
0—Displays a summary of the checks that uxpreinstall performs and any errors or conflicts that it identifies.
1—Displays the same information as 0 and additional information about each check.
2—Displays the same information as 1 and the commands that uxpreinstall uses for each check.
3—Displays the same information as 2 and the output of each command.
4—Displays the same information as 3 and extra information for some checks, for example, package details.
Default: 0
Specifies to perform checks on the syslog file. Applicable for root users only.
Specifies to display the utility help and exit.
Example: Run the uxpreinstall Utility
This example runs the uxpreinstall utility with the credentials of the administrator user against the Active Directory domain mydomain.com with a verbosity level of 1:
/opt/CA/uxauth/bin/uxpreinstall -a administrator -w admin -d mydomain.com -v 1
Example: The uxpreinstall Utility Report
The following is a snippet of the uxpreinstall utility report that shows how you determine whether your system complies with the system requirements:
OS detected: Linux 2.6.5-7.244-default ******************************************** CHECKING CLOCK SYNCHRONIZATION ******************************************** Comparing the value of the currentTime attribute in DSE with the local time ... Current clock skew is 34 sec. The default value for the maximum clock skew is 300 seconds. Warning! Significant clock skew can cause user authentication failure --------------------------------------------- W A R N I N G --------------------------------------------- ******************************************** CHECKING KERBEROS AUTHENTICATION VIA AD ******************************************** principal_name = <Administrator@mydomain.com> Kerberos authentication for <Administrator@mydomain.com> succeeded --------------------------------------------- S U C C E S S --------------------------------------------- ******************************************** CHECKING AD SCHEMA VERSION ******************************************** Trying LDAP service at server.mydomain.com:389 Binding to Active Directory via 'server1.mydomaiin.com' ... AD Schema version 31 (Windows Server 2003 R2 or Windows Server 7 (AD LDS)) supports full and partial UNAB integration modes. --------------------------------------------- S U C C E S S --------------------------------------------- . . .
In this example, the output shows the following information:
Copyright © 2013 CA Technologies.
All rights reserved.
|
|