...

Configuration for LDAP Authentication

The UDMG Authentication Proxy can use an LDAP service to authenticate users for the UDMG Admin UI:


# Proxy Configuration
[proxy]
# Enable Auto Recover
recover = true
# Enable CORS
cors = true
# Enable Request Track ID
tracker = false
# Enable Logger
logger = true
# Listen Port
port = "5000"
# Listen IP 
inet = "127.0.0.1"

# Service with LDAP Authentication
[service.mft]
# MFT Waarp Gateway Listen Protocol
protocol = "http"
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"

# Break-glass option for admins: these users will not reach the LDAP service during the auth stage
admins = ["admin"]

# User for syncing passwords between LDAP and the proxy
[service.mft.credential]
# User set up in advance under MFT Waarp Gateway
username = "ldap_sync"
password = "ldap_password"

# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"

...


# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/client

If OpenSSH is not installed or not available, the PuTTY tool can be used instead.

Use PuTTYgen to generate a key pair for the agent. More detailed instructions can be found here: Using public keys for SSH authentication

After generating the key, export it in OpenSSH format:

...


[agent]
# Listen IP Address
hostname = "0.0.0.0"
# Listen Port
port = "2222"
# SSH Private Key
ssh_key = "agent"
# SSH Public Key
ssh_key_pub = "agent.pub"

# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"

The password key will be used for the client authentication.

Client Configuration

  • Create a configuration file as C:\MFT\MFT Agent\client\client.toml

...

Setup the Windows Services

UDMG Server

Open a PowerShell console and create a new service definition:


$params = @{
Name = "MFT Waarp Gateway Server"
BinaryPathName = '"C:\MFT\MFT Gateway\waarp-gatewayd.exe" server -c "C:\MFT\MFT Gateway\server.ini"'
DisplayName = "MFT Waarp Gateway Server"
StartupType = "Automatic"
Description = "MFT Waarp Gateway Server."
}
New-Service @params

  • Start the service and check the status:

Start-Service "MFT Waarp Gateway Server"

Be sure that the listen port and network interface are reachable by the UDMG Authentication Proxy and the UDMG Agent Client.

UDMG Authentication Proxy

  • Create a new service definition:


$params = @{
Name = "MFT Auth Proxy"
BinaryPathName = 'MFT_AUTH_PROXY_CONFIG=config.toml "C:\MFT\MFT Auth Proxy\server.exe"'
DisplayName = "MFT Auth Proxy server"
StartupType = "Automatic"
Description = "MFT Auth Proxy server."
}
New-Service @params

  • Start the service and check the status:

Start-Service "MFT Auth Proxy"

Be sure that the listen port and network interface are reachable by the NGINX Server.

UDMG Agent Proxy

Agent Proxy Server Service

  • Create a new service definition:


$params = @{
Name = "MFT Agent Server"
BinaryPathName = 'MFT_AUTH_PROXY_CONFIG=config.toml "C:\MFT\MFT Agent\server\server.exe"'
DisplayName = "MFT Agent Server"
StartupType = "Automatic"
Description = "MFT Agent server."
}
New-Service @params

  • Start the service and check the status:

Start-Service "MFT Agent Server"

Be sure that the listen port and network interface are reachable by the UDMG Agent Client.

Agent Proxy Client Service

  • Create a new service definition:


$params = @{
Name = "MFT Agent Client"
BinaryPathName = 'MFT_AUTH_PROXY_CONFIG=config.toml "C:\MFT\MFT Agent\client\server.exe"'
DisplayName = "MFT Agent Client"
StartupType = "Automatic"
Description = "MFT Agent Client."
}
New-Service @params

  • Start the service and check the status:

Start-Service "MFT Agent Client"

Component Ports

Make sure that all required ports are open in your firewall configuration.
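
A post-installation check for the four services defined above, as an added example that is not part of the original UDMG documentation. It reports each service's state, logon account and listening address; the ports are the ones shown in the configuration excerpts on this page (18080 for the gateway, 5000 for the authentication proxy, 2222 for the agent server) and are assumptions if your configuration files differ.

```powershell
# Service names are the Name values passed to New-Service on this page.
# Ports come from the configuration excerpts on this page; change them to match your files.
$expected = @(
    @{ Service = 'MFT Waarp Gateway Server'; Port = 18080 }
    @{ Service = 'MFT Auth Proxy';           Port = 5000 }
    @{ Service = 'MFT Agent Server';         Port = 2222 }
    @{ Service = 'MFT Agent Client';         Port = $null }   # no listen port given on this page
)

$report = foreach ($item in $expected) {
    $findings = @()
    $listenOn = @()
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($item.Service)'"

    if (-not $svc) {
        $findings += 'service is not installed'
    } else {
        if ($svc.State -ne 'Running') { $findings += "state is $($svc.State)" }
        # New-Service registers the service under LocalSystem unless -Credential is supplied.
        if ($svc.StartName -eq 'LocalSystem') { $findings += 'runs as LocalSystem' }

        if ($item.Port -and $svc.State -eq 'Running') {
            # All listeners on the expected port, then only those owned by the service process.
            $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $item.Port -ErrorAction SilentlyContinue)
            $own = @($listeners | Where-Object { $_.OwningProcess -eq $svc.ProcessId })
            $listenOn = @($own | Select-Object -ExpandProperty LocalAddress -Unique)

            if ($listeners.Count -eq 0) { $findings += "nothing listens on port $($item.Port)" }
            elseif ($own.Count -eq 0)   { $findings += "port $($item.Port) is held by another process" }
            if ($listenOn -contains '0.0.0.0' -or $listenOn -contains '::') {
                $findings += 'listens on all interfaces'
            }
        }
    }

    [pscustomobject]@{
        Service  = $item.Service
        State    = if ($svc) { $svc.State } else { 'Missing' }
        Account  = if ($svc) { $svc.StartName } else { $null }
        Port     = $item.Port
        ListenOn = $listenOn -join ', '
        Findings = $findings -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap
```

A listener reported on all interfaces is reachable from every network the host is attached to, so the firewall rule for that port should name the peers that need it.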

References

This document references the following documents.

Name

Location

PostgreSQL Client Authentication

PostgreSQL Password Authentication