Installing the Agent on Solaris Systems

This section covers information about installing the Server Suite Agent for *NIX on Solaris systems. The procedures differ depending on whether you're installing svr4 or IPS packages. If you're installing IPS packages onto a system with Solaris 11 child zones, there's a separate procedure for that deployment.

Refer to the table below to determine which package file to use for installation.

Solaris version  Package type  x86 or Sparc  Agent package filename
Solaris 10       svr4          x86           centrify-server-suite-2021.1-sol10-x86.tgz
Solaris 10       svr4          Sparc         centrify-server-suite-2021.1-sol10-sparc.tgz
Solaris 11       svr4          x86           centrify-server-suite-2021.1-sol10-x86.tgz
Solaris 11       svr4          Sparc         centrify-server-suite-2021.1-sol10-sparc.tgz
Solaris 11       IPS           x86           centrify-server-suite-2021.1-sol11-i386.tgz
Solaris 11       IPS           Sparc         centrify-server-suite-2021.1-sol11-sparc.tgz

Installing the Solaris Svr4 Agent Packages

Download the Solaris package appropriate for your Solaris system and run the install.sh script as described in the "Install interactively on a computer" section. The procedure is the same whether or not the system has child zones.

You can run the following command to verify the Solaris agent package svr4 installation status:

pkginfo | grep -i centrify

Note that there is no space between "pkg" and "info"; if you search for "pkg info" you'll be searching for IPS packages.

Installing the Solaris IPS Agent Packages

This procedure is for systems where you are doing a fresh install of Server Suite software onto a Solaris 11 system with IPS support.

This procedure is the same as for the regular install script, except that you run the install-ips.sh script, not the install.sh script -- see the "Install interactively on a computer" section.

You'll need the centrify-infrastructure-services-VERSION-sol11-i386.tgz file or the centrify-infrastructure-services-VERSION-sol11-sparc.tgz file for this procedure, depending on the type of system you have.

To install the Solaris IPS packages

  1. Download the Server Suite package for your version of Solaris.

  2. Extract the Server Suite packages onto the system.

  3. Run the install-ips.sh script. For example:

    ./install-ips.sh

  4. Follow the prompts displayed to select the services you want to install and the tasks you want to perform. For example, you can choose whether you want to:

    • Perform a default installation.

    • Perform a custom installation by selecting the specific packages to install.

    • Join a domain automatically at the conclusion of the installation.

      Depending on your selections, you may need to provide additional information, such as the user name and password for joining the domain.

  5. You can run the following command to verify the Solaris agent package IPS installation status:

    pkg info | grep -i centrify

    Note the space between "pkg" and "info"; if you search for "pkginfo" you'll be searching for svr4 packages.

Installing the Solaris IPS Agent Packages With Child Zones

When you install the agent onto a Solaris 11 computer enabled with IPS that also has one or more child zones configured, you need to import the agent packages into a new repository and then install directly from the repository.

You do this install in the global zone and the repository will automatically install the files into the child zones.

You'll need the centrify-infrastructure-services-VERSION-sol11-i386.tgz file or the centrify-infrastructure-services-VERSION-sol11-sparc.tgz file for this procedure, depending on the type of system you have.

To install the Solaris IPS agent packages onto a system with one or more child zones

  1. Create a directory and extract the IPS tgz file into that directory.

    For example, create a directory called "install-ips" and extract the contents of the tgz file into that directory.

    1. Create a repository:

      For example, run the following commands to create a repository called "my-repo":

      Tip: You can run the zfs list command to list all of the zone file systems.

      zfs create rpool/export/my-repo

      zfs set atime=off rpool/export/my-repo

      pkgrepo create /export/my-repo

      pkgrepo set -s /export/my-repo publisher/prefix=centrify

      pkgrepo -s /export/my-repo refresh

      pkgrepo -s /export/my-repo info

      pkg set-publisher -G '*' -M '*' -g /export/my-repo centrify

      pkg publisher

      You should see the repository listed.

      PUBLISHER  TYPE    STATUS  P  LOCATION
      centrify   origin  online  F  file:///export/my-repo

  2. Import the packages into the repository. You need to import the packages that end with .p5p and you need to import them one at a time.

    1. In the directory where you extracted the Server Suite Agent packages, list out the files in that directory (use the ls command).

      The full package list of files that you need to import into the repository looks something like this:

      centrifyda-3.7.0-sol11-i386.p5p

      centrifydc-5.7.0-sol11-i386.p5p

      centrifydc-curl-5.7.0-sol11-i386.p5p

      centrifydc-ldapproxy-5.7.0-sol11-i386.p5p

      centrifydc-nis-5.7.0-sol11-i386.p5p

      centrifydc-openldap-5.7.0-sol11-i386.p5p

      centrifydc-openssh-5.7.0-sol11-i386.p5p

      centrifydc-openssl-5.7.0-sol11-i386.p5p

    2. Import each package into the repository.

      For example, if you're installing all 8 packages, you'll run the following 8 commands:

      pkgrecv -s centrifyda-3.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-curl-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-ldapproxy-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-nis-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-openldap-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-openssh-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

      pkgrecv -s centrifydc-openssl-5.7.0-sol11-i386.p5p -d /export/my-repo '*'

    3. You can verify that the packages imported correctly by listing out the repository packages.

      For example, run the following command:

      pkgrepo list -s /export/my-repo

      You'll see a list of packages where each package has a long version. For example:

      centrify security/centrifydc 5.7.0.207:20200726T052946Z

  3. Install the packages from the repository into the parent and child zones.

    Be sure to reference the package's entire version. When you install the centrifydc package, the other packages for cURL, OpenLDAP, and OpenSSL are also installed.

    For example, to install centrifydc, you'd run the following command:

    pkg install -r security/centrifydc@5.7.0.207:20200726T052946Z

    For example, to install all the packages with one command, you'd run something like this:

    pkg install -r security/centrifydc@5.7.0.207:20200726T052946Z security/centrifydc-ldapproxy@5.7.0.207:20200726T053320Z security/centrifydc-nis@5.7.0.207:20200726T053352Z security/centrifydc-openssh@5.7.0.207:20200727T065442Z security/centrifyda@3.7.0.171:20200725T014652Z

  4. You can run the following command to verify the Solaris agent package IPS installation status:

    pkg info | grep -i centrify

    Note the space between "pkg" and "info"; if you search for "pkginfo" you'll be searching for svr4 packages.
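The requirement in step 3 to reference each package's entire version can be scripted rather than copied by hand. The following is an added example, not part of the vendor procedure: the function name pinned_fmris is hypothetical, and the sample listing is constructed from the version strings shown above plus two constructed lines (an obsolete entry and a package from another publisher).

```shell
#!/bin/sh
# Added example, not vendor code. Reads `pkgrepo list` output on stdin and
# prints fully versioned FMRIs for the requested packages, in request order.
# On a real system (paths as in the procedure above):
#   pkgrepo list -s /export/my-repo | pinned_fmris centrify security/centrifydc

pinned_fmris() {
    publisher=$1; shift
    awk -v pub="$publisher" -v names="$*" '
        BEGIN { n = split(names, want, " ") }
        $1 != pub { next }                            # header, other publishers
        NF == 4 && ($3 == "o" || $3 == "r") { next }  # obsolete or renamed
        { count[$2]++; ver[$2] = $NF }
        END {
            for (i = 1; i <= n; i++) {
                if (count[want[i]] != 1) {            # missing or ambiguous
                    printf("cannot pin %s: %d candidate versions\n",
                           want[i], count[want[i]]) > "/dev/stderr"
                    exit 1
                }
                out = out (i > 1 ? " " : "") want[i] "@" ver[want[i]]
            }
            print out
        }'
}

# Constructed sample listing. The "o" (obsolete) line and the "solaris"
# publisher line are invented to exercise the filters.
SAMPLE_LIST='PUBLISHER NAME O VERSION
centrify security/centrifyda 3.7.0.171:20200725T014652Z
centrify security/centrifydc 5.7.0.207:20200726T052946Z
centrify security/centrifydc-openssh o 5.6.0.100:20190101T000000Z
centrify security/centrifydc-openssh 5.7.0.207:20200727T065442Z
solaris package/svr4 0.5.11:20200101T000000Z'

# Print (not run) the install command for the global zone and child zones.
fmris=$(printf '%s\n' "$SAMPLE_LIST" |
    pinned_fmris centrify security/centrifydc security/centrifydc-openssh \
        security/centrifyda) && echo "pkg install -r $fmris"
```

A non-zero exit means a requested package is absent from the repository or has more than one non-obsolete version listed, so pick the version by hand before installing.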

Uninstalling the Agent on Solaris Systems

To uninstall the Solaris svr4 packages

  1. In the directory where you have downloaded and extracted the Centrify Agent packages, run the following command:

    ./install.sh -e -n

  2. You can run the following command to verify the Solaris agent package svr4 installation status:

    pkginfo | grep -i centrify

    Note that there is no space between "pkg" and "info"; if you search for "pkg info" you'll be searching for IPS packages.

To uninstall the Solaris IPS packages

  1. In the directory where you have downloaded and extracted the Server Suite Agent packages, run the following command:

    ./install-ips.sh -e -n

  2. You can run the following command to verify the Solaris agent package IPS installation status:

    pkg info | grep -i centrify

    Note the space between "pkg" and "info"; if you search for "pkginfo" you'll be searching for svr4 packages.

To uninstall the Solaris IPS packages on systems with one or more child zones

  1. To uninstall a single package from both parent and child zones, run the following command:

    pkg uninstall -r packagename

    For example, to uninstall only the CentrifyDA package, run the following command:

    pkg uninstall -r security/centrifyda

    To uninstall more than one package or all installed packages, enter the package names separated by a space. For example:

    pkg uninstall -r security/centrifyda security/centrifydc-curl security/centrifydc-ldapproxy

  2. You can run the following command to verify the Solaris agent package IPS installation status:

    pkg info | grep -i centrify

    Note the space between "pkg" and "info"; if you search for "pkginfo" you'll be searching for svr4 packages.

Sun Solaris Installation Notes

This section describes the unique characteristics or known limitations that are specific to using authentication service on a computer with the Solaris operating environment.

Changing the Local User Password on Solaris

On Solaris, the passwd command is designed to update the databases listed in the nsswitch.conf file or the specific repositories you indicate with the -r option. Therefore, by default, you can use the passwd command without any command line options to update your password wherever necessary.

Once you install authentication service and join the domain, however, Active Directory becomes the primary repository for user account information. Changing the password for any local user account you need to maintain outside of Active Directory then requires you to explicitly specify the repository to update with the -r option.

For example, if you want to change the password for a local user account in /etc/passwd, you must specify the files repository when you run the passwd command:

passwd -r files user

If you want to update the password for an Active Directory user account, you can use the passwd command without the repository option on Solaris 10. For example:

passwd adusername

If you are using an earlier version of the Solaris operating environment, however, you must use the adpasswd command that is installed with authentication service to update the password for Active Directory user accounts. For information about using adpasswd, see the adpasswd man page or the Administrator's Guide for Linux and UNIX.

Installing Authentication Service Packages into Solaris 10 Zones

All zones should be up and running during an upgrade from a previous release of Server Suite. Authentication Service and its add-on packages (for example, sudo or Server Suite for Web Applications) should not be installed directly into a sparse zone; they should be installed from the global zone only.

Installing Authentication Service Packages into Solaris 11 Child Zones

You need to install SVR4 packaging tools in the child zone before authentication service can be installed.

To check whether the SVR4 package has been installed, run:

$ pkg info svr4

If it is not installed yet, run the following to install it:

$ pkg install pkg:/package/svr4

Note that the command above may need an internet connection, depending on how the IPS repository is configured in the zone.

Creating a Home Directory for New Users on Solaris

In most operating environments, when new users log on successfully, the authentication service will automatically create the user's home directory. On Solaris, however, the home directory is typically auto-mounted over NFS, so the option to automatically create a new home directory for new users is off by default. You can turn on this feature, if suitable to your environment, by adding the following to /etc/centrifydc/centrifydc.conf:

pam.create.homedir: true

With this flag set, the home directory is created the first time a user logs in. The user will see the message "Failed to create home directory", but this can be ignored.

In Express mode use auto.schema.homedir to specify the home directory for users. Use %{user} as a placeholder for a user's name.

For example:

auto.schema.homedir: /export/home/%{user}