...
Panel |
---|
C:\>curl.exe http://localhost:8080
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.23.0</center>
</body>
</html>
|
This error (403) is expected, since we don't have any assets deployed yet.
Note: for configuring HTTPS and HTTP redirection, please refer to the web server documentation.
UDMG Admin UI
Uncompress the tar file for MFT Admin UI, under the directory that we created during the configuration.
...
Create the configuration file C:\MFT\MFT Auth Proxy\config.toml with the following parameters:
Panel |
---|
# Proxy Configuration
[proxy]
# Enable Auto Recover
recover = true
# Enable Cors
cors = true
# Enable Request Track ID
tracker = false
# Enable Logger
logger = true
# Listen Port
port = "5000"
# Listen IP
inet = "127.0.0.1"
# Local
[service.local]
# MFT Waarp Gateway Listen Protocol
protocol = "http"
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"
|
- Install the binary as mft_auth_proxy_server.exe under C:\MFT\MFT Auth Proxy
Configuration for LDAP Authentication
The UDMG Authentication Proxy can use an LDAP service to authenticate users for the UDMG Admin UI:
Panel |
---|
# Proxy Configuration
[proxy]
# Enable Auto Recover
recover = true
# Enable Cors
cors = true
# Enable Request Track ID
tracker = false
# Enable Logger
logger = true
# Listen Port
port = "5000"
# Listen IP
inet = "127.0.0.1"
# Service with LDAP Authentication
[service.mft]
# MFT Waarp Gateway Listen Protocol
protocol = "http"
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"
# Break-glass option for admins: these users will not reach the LDAP service during the auth stage
admins = ["admin"]
# User for syncing passwords between LDAP and the proxy
[service.mft.credential]
# User set up beforehand in MFT Waarp Gateway
username = "ldap_sync"
password = "ldap_password"
# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"
|
Note |
---|
The LDAP replication requires a user with permission for creating and updating users.
For example, to create the 'ldap_sync' user with the command line interface:
waarp_gateway user add -u ldap_sync -p ldap_password -r 'U=rw'
In case of successful authentication on the LDAP, the user is created with default read permission in the internal UDMG database if it does not exist. Otherwise the credentials are updated in the database to allow for authentication on the REST and CLI interfaces.
|
UDMG Agent Proxy
Create a directory C:\MFT\MFT Agent
Install the binaries as mft_agent_proxy_client and mft_agent_proxy_server
Agent Configuration
Generate an SSH key for the service.
For example, with the Windows OpenSSH tools (Key-based authentication in OpenSSH for Windows):
Panel |
---|
# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/client
|
If OpenSSH is not installed or not available, the PuTTY tool can be used instead.
Use PuTTYgen to generate a key pair for the agent. More detailed instructions can be found here: Using public keys for SSH authentication
After generating the key, export it in OpenSSH format.
Create a configuration file as C:\MFT\MFT Agent\agent\agent.toml
Panel |
---|
[agent]
# Listen IP Address
hostname = "0.0.0.0"
# Listen Port
port = "2222"
# SSH Priv Key
ssh_key = "agent"
# SSH Public Key
ssh_key_pub = "agent.pub"
# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"
|
The password key will be used for the client authentication.
Client Configuration
Create a configuration file as C:\MFT\MFT Agent\client\client.toml
Panel |
---|
[client]
# MFT Agent Proxy Hostname or IP
hostname = "localhost"
# MFT Agent Proxy Listen Port
port = "2222"
# SSH Priv Key
ssh_key = "/etc/mft/agent_proxy/client"
# SSH Public Key
ssh_key_pub = "/etc/mft/agent_proxy/client.pub"
# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"
# Default TTL to Connection Retry
ttl="5s"
# MFT Agent Client Admin API
[client.api]
# Listen Port
port="2280"
# MFT Waarp Gateway
[gateway]
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"
# MFT Waarp Gateway Username/Password
username = "admin"
password = "admin_password"
|
The password key will be used for the client authentication.
Setup the Windows Services
UDMG Server
Open a PowerShell console and create a new service definition: