...

C:\>curl.exe http://localhost:8080
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.23.0</center>
</body>
</html>

This error (403) is expected, since we don't have any asset deployed.

Note: for configuring HTTPS and HTTP redirection, please refer to the web server documentation.

UDMG Admin UI

  • Extract the tar file for MFT Admin UI into the directory that we created during the configuration.

...

  • Create the configuration file C:\MFT\MFT Auth Proxy\config.toml with the following parameters:

# Proxy Configuration
[proxy]
# Enable Auto Recover
recover = true
# Enable CORS
cors = true
# Enable Request Track ID
tracker = false
# Enable Logger
logger = true
# Listen Port
port = "5000"
# Listen IP
inet = "127.0.0.1"

# Local
[service.local]
# MFT Waarp Gateway Listen Protocol
protocol = "http"
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"

  • Install the binary as mft_auth_proxy_server.exe under C:\MFT\MFT Auth Proxy

Configuration for LDAP Authentication

The UDMG Authentication Proxy can use an LDAP service to authenticate users for UDMG Admin UI:

# Proxy Configuration
[proxy]
# Enable Auto Recover
recover = true
# Enable CORS
cors = true
# Enable Request Track ID
tracker = false
# Enable Logger
logger = true
# Listen Port
port = "5000"
# Listen IP
inet = "127.0.0.1"

# Service with LDAP Authentication
[service.mft]
# MFT Waarp Gateway Listen Protocol
protocol = "http"
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"

# Break-glass option for admins: these users will not reach the LDAP service during the auth stage
admins = ["admin"]

# User for Sync Password Between LDAP and Proxy
[service.mft.credential]
# User set up beforehand under MFT Waarp Gateway
username = "ldap_sync"
password = "ldap_password"

# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"

Note

The LDAP replication requires a user with permission to create and update users. For example, to create the 'ldap_sync' user with the command line interface:

waarp_gateway user add -u ldap_sync -p ldap_password -r 'U=rw'

If authentication against the LDAP succeeds, the user is created in the internal UDMG database with default read permission if it does not already exist. Otherwise the credentials are updated in the database to allow for authentication on the REST and CLI interfaces.

UDMG Agent Proxy

  • Create a directory C:\MFT\MFT Agent

  • Install the binaries as mft_agent_proxy_client and mft_agent_proxy_server

Agent Configuration

# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/client

If OpenSSH is not installed or not available, the PuTTY tool can be used instead.

Use PuTTYgen to generate a key pair for the agent. More detailed instructions can be found here: Using public keys for SSH authentication

After generating the key, export it in OpenSSH format:

  • Create a configuration file as C:\MFT\MFT Agent\agent\agent.toml

[agent]
# Listen IP Address
hostname = "0.0.0.0"
# Listen Port
port = "2222"
# SSH Priv Key
ssh_key = "agent"
# SSH Public Key
ssh_key_pub = "agent.pub"

# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"

The password key will be used for the client authentication.

Client Configuration

  • Create a configuration file as C:\MFT\MFT Agent\client\client.toml

[client]
# MFT Agent Proxy Hostname or IP
hostname = "localhost"
# MFT Agent Proxy Listen Port
port = "2222"

# SSH Priv Key
ssh_key = "/etc/mft/agent_proxy/client"
# SSH Public Key
ssh_key_pub = "/etc/mft/agent_proxy/client.pub"

# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"

# Default TTL to Connection Retry
ttl="5s"

# MFT Agent Client Admin API
[client.api]
# Listen Port
port="2280"

# MFT Waarp Gateway
[gateway]
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"
# MFT Waarp Gateway Username/Password
username = "admin"
password = "admin_password"

The password key will be used for the client authentication.


Set Up the Windows Services

UDMG Server

Open a PowerShell console and create a new service definition: