Digipass Plug-In for SBR Installation Guide - Vasco


Digipass Plug-In for SBR

SBR Plug-In

SBR

Steel-Belted RADIUS

Installation Guide


Disclaimer of Warranties and Limitations of Liabilities

The Product is provided on an 'as is' basis, without any other warranties, or conditions, express or implied, including but not limited to warranties of merchantable quality, merchantability of fitness for a particular purpose, or those arising by law, statute, usage of trade or course of dealing. The entire risk as to the results and performance of the product is assumed by you. Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect, incidental, special or consequential damages whatsoever, including but not limited to loss of revenue or profit, lost or damaged data of other commercial or economic loss, even if we have been advised of the possibility of such damages or they are foreseeable; or for claims by a third party. Our maximum aggregate liability to you, and that of our dealers and suppliers shall not exceed the amount paid by you for the Product. The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term, or a fundamental breach. Some states/countries do not allow the exclusion or limitation or liability for consequential or incidental damages so the above limitation may not apply to you.

Copyright

© 2006 VASCO Data Security Inc. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security Inc.

Trademarks

VACMAN and Digipass are registered trademarks of VASCO Data Security International Inc.

Microsoft and Windows are registered trademarks of Microsoft Corporation.

All other trademarks are the property of their respective holders.


Table of Contents

1 Introduction

1.1 Available Reference Guides

1.2 System Requirements

1.2.1 Requirements Specific to Active Directory

1.2.2 Requirements Specific to ODBC Database

1.3 Components and Options

2 Pre-installation Tasks

2.1 Data Store

2.2 Active Directory

2.2.1 Checklist – Decisions

2.2.2 Active Directory Setup

2.2.2.1 Schema Extensions

2.2.3 SSL Setup

2.3 ODBC Database

2.3.1 Checklist – Decisions

2.3.2 Modify Database Structure

2.3.2.1 DPDBadmin Utility

2.3.2.2 Permissions

2.3.3 PostgreSQL Database

2.4 System Clock

2.5 Serial Number and Maintenance ID

2.6 Checklist – Active Directory

2.7 Checklist – ODBC Database

3 Installing Digipass Plug-In for SBR

3.1 Typical Installation – Active Directory

3.1.1 Scenario & Decisions

3.1.2 Extend Schema

3.1.3 Run Install

3.2 Typical Installation – Embedded Database

3.2.1 Scenario & Decisions

3.2.2 Run Install

3.3 Typical Installation – ODBC Database

3.3.1 Scenario & Decisions

3.3.2 Extend Schema

3.3.3 Run Install

3.4 Multiple Product Installation

3.5 Upgrading from Digipass Plug-In for Funk 2.0 or 2.1

3.6 Post-Installation Tasks

3.6.1 Licensing

3.6.1.1 Evaluation Serial Number

3.6.1.2 Obtain License Key File

3.6.1.3 Load License Key

3.6.2 Encryption Settings

3.6.3 Backup Strategy

3.6.4 Active Directory Tasks


3.6.4.1 Additional Setup Steps for Multiple Domains

3.6.4.2 Set up Active Directory SSL

3.6.4.3 Active Directory Replication

3.6.4.4 Active Directory Auditing

3.6.5 ODBC Tasks

3.6.5.1 Configure User ID and Domain Handling

3.6.5.2 Permissions for Group Check

3.6.5.3 Configure Connection Parameters

3.6.5.4 Additional Databases

3.6.5.5 Additional Setup Steps for Multiple SBR Plug-Ins

3.6.6 Configure Steel-Belted RADIUS to Use SBR Plug-In

4 Add Components to Installation

5 Repair Installation

6 Uninstall Digipass Plug-In for SBR

6.1 Manual Uninstall

6.2 Active Directory

6.3 ODBC Database

7 DPADadmin Utility

7.1 addschema command

7.2 upgradeprofiles command

8 DPDBadmin Utility

8.1 addschema command

8.1.1.1 Prerequisite Information

8.1.1.2 Extend the Schema on the SBR Server

8.1.1.3 Command Line Syntax

8.2 upgradeprofiles command


1 Introduction

1.1 Available Reference Guides

These Reference Guides are available:

Product Guide

The Product Guide will introduce you to the features of this product and the various options you have for using it.

Installation Guide

Use this guide when planning and working through an installation of the product.

Getting Started

To get you up and running quickly with a simple installation and setup of the product.

Administrator Reference

In-depth information required for administration of the product.

Data Migration Tool Guide

Takes you through a data migration from one VASCO product to another, using the VASCO Data Migration Tool.

Help Files

Accompany various utilities and the administration interfaces.


1.2 System Requirements

SBR Plug-In

Steel-Belted RADIUS 5.0 or greater

Operating System

One of the following Windows versions:

Windows Server 2003 (32-bit version only)

Windows XP Professional (32-bit version only) with Service Pack 1 or above

Windows 2000 with Service Pack 4 or above

Language

The Digipass Plug-In for SBR is designed to function on any language version of Windows. However, the product has only been comprehensively tested on English language versions of Windows, with some additional German language testing.

1.2.1 Requirements Specific to Active Directory

Digipass Extension for Active Directory Users and Computers

Active Directory Users and Computers Snap-In

Active Directory set up for SSL

In the following cases, SSL must be available for Digipass Plug-In for SBR components to connect to Active Directory:

SBR Plug-In not installed on a Domain Controller.

Administration Interfaces not installed on a Domain Controller.

SBR Plug-In and/or Administration Interface(s) on a Domain Controller, but accessing data in another domain.

An Enterprise Certificate Authority must be installed in the forest to enable SSL.

Windows Certificate Services is available as an optional Windows component.

1.2.2 Requirements Specific to ODBC Database

The Digipass Plug-In for SBR will support most modern ODBC-compliant relational, transactional databases. It has been tested on the following databases:

Oracle 9i

Microsoft SQL Server 2000

DB2 8.1

Sybase Adaptive Server Anywhere 9.0

PostgreSQL 8.1


1.3 Components and Options

The following components make up the Digipass Plug-In for SBR. See the Product Guide for more information.

SBR Plug-In

The SBR Plug-In is an Authentication Module for Steel-Belted RADIUS which permits an increase in SBR security by adding two-factor authentication.

Digipass Extension for Active Directory Users and Computers

Digipass Extension to the Active Directory Users and Computers interface. It allows integrated administration of additional User settings and Digipass records. The Extension is used only when Active Directory is selected as the data store for the Digipass Plug-In for SBR.

Administration MMC Interface

This interface allows easy administration of Digipass-related data. If the data store is Active Directory, the Administration MMC Interface will be used only to administer configuration settings such as Policies and Components. If the data store is an ODBC database, the interface will be used to administer all Digipass-related data.

User Self Management Web Site

Allows Users to make appropriate changes to their own Digipass User account, including password changes.

Virtual Digipass Message Delivery Component

Sends a One Time Password through a text message gateway to a User’s mobile phone.

Virtual Digipass OTP Request Site

Allows a User to specifically request an OTP to be sent to their mobile phone.


2 Pre-installation Tasks

This section outlines the preparation that you need to do before installing the Digipass Plug-In for SBR.

2.1 Data Store

Before starting other pre-install tasks, you must decide on the type of data store to be used.

There are three options:

Active Directory

Integrate Digipass-related data with Active Directory and Windows user accounts.

ODBC Database

Include Digipass-related data in a new or existing ODBC database.

Embedded PostgreSQL Database

Include an embedded PostgreSQL database in the installation of Digipass Plug-In for SBR, and use it as the data store.


2.2 Active Directory

2.2.1 Checklist – Decisions

The following checklist contains the key decisions to make before you start.

Approve the Schema Extensions

If your company has an approval process to go through for extensions to the Active Directory Schema, go through this process.

Identify the Digipass Configuration Domain

Either identify an existing Domain or sub-domain into which the Digipass Configuration Container should be added, or plan to create a new one.

Domain Administrator

Select a Domain Administrator account in the Digipass Configuration Domain to use in installing the Digipass Plug-In for SBR.

Installation Location

Decide where to install the Plug-In, if a choice of SBR server location exists.

If you are installing with the purpose of going through a basic evaluation process, installing onto a Domain Controller is recommended. This will mean that SSL will not need to be set up in order for the Plug-In to function.

2.2.2 Active Directory Setup

2.2.2.1 Schema Extensions

Run the addschema command:

1. Log into the Schema Master as a member of the Schema Administrators group.

2. Copy dpadadmin.exe onto the Schema Master.

3. Open a command prompt in the location to which it was copied.

4. Type:

dpadadmin addschema -v

5. If DPADadmin detects that Schema extensions are not currently permitted, it will prompt you whether to enable them or not. Enter y to enable them, or n to cancel (see 7.1 addschema command for more information).

6. Wait several minutes for the Schema extensions to replicate to all the domains and for the local Domain Controller to update its internal data caches.

2.2.3 SSL Setup

An Enterprise Certificate Authority must exist in the forest so that SSL may be used by the SBR Plug-In to connect to Active Directory. If one is not already installed, follow the instructions below to install the Certificate Authority included with Windows.

The Certificate Authority may be installed on any server in the forest, if the server selected is available to the Domain Controller(s) used by the SBR Plug-In.

You may need the Windows CD in order to complete this process.

1. Open Windows Add or Remove Programs.

2. Click on the Add/Remove Windows Components button.

The Windows Components Wizard will be displayed.

3. Tick the Certificate Services checkbox and click Next.

4. Select the Enterprise root CA option button and click Next.

5. Enter the details required and click on Next.

6. If required, modify the Data Storage Locations. Otherwise, leave these as the default values and click on Next.

Certificate Server has now been installed. Wait several minutes to allow the Domain Controllers to enrol for Domain Controller certificates.
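To confirm that a Domain Controller has enrolled and is answering over SSL before the Plug-In depends on it, the following check can be run from the machine that will host the SBR Plug-In. It is an added example, not part of the VASCO guide or tooling; it assumes PowerShell 3.0 or later, the function name and the host name in the usage comment are hypothetical, and port 636 is the standard LDAP-over-SSL port rather than a value taken from this guide.

```powershell
# Added example, not part of the VASCO guide. Reports the certificate a Domain
# Controller presents for LDAP over SSL and whether this machine trusts it.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DomainController,   # FQDN of the Domain Controller to test
        [int]$Port = 636,            # standard LDAP-over-SSL port (assumption)
        [int]$TimeoutMs = 5000
    )

    $result = [ordered]@{
        DomainController = $DomainController
        TcpConnected     = $false
        HandshakeOk      = $false
        TrustedByHost    = $false
        PolicyErrors     = $null
        Subject          = $null
        Issuer           = $null
        NotAfter         = $null
        SubjectAltNames  = $null
        Error            = $null
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so a filtered or closed port fails quickly.
        $pending = $tcp.BeginConnect($DomainController, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "No TCP connection to ${DomainController}:$Port within $TimeoutMs ms"
        }
        $tcp.EndConnect($pending)
        $result.TcpConnected = $true

        # Record the validation outcome instead of enforcing it, so that an
        # untrusted or mismatched certificate can still be inspected. No
        # credentials or directory data are sent over this connection.
        $script:LdapsPolicyErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $certificate, $chain, $policyErrors)
            $script:LdapsPolicyErrors = $policyErrors
            $true
        }

        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            # Fails here if the DC has not yet enrolled for a certificate.
            $ssl.AuthenticateAsClient($DomainController)
            $result.HandshakeOk = $true

            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
            $result.Subject  = $cert.Subject
            $result.Issuer   = $cert.Issuer      # should name the Enterprise CA
            $result.NotAfter = $cert.NotAfter

            # Subject Alternative Name (OID 2.5.29.17) carries the DNS names
            # that the requested host name is matched against.
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            if ($san) { $result.SubjectAltNames = $san.Format($false) }

            # 'None' means the chain is trusted, the name matches and the
            # certificate is within its validity period on this machine.
            $result.PolicyErrors  = $script:LdapsPolicyErrors.ToString()
            $result.TrustedByHost =
                ($script:LdapsPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
        finally {
            $ssl.Dispose()
        }
    }
    catch {
        # Connection refused, timeout, or handshake failure.
        $result.Error = $_.Exception.Message
    }
    finally {
        $tcp.Close()
    }

    [pscustomobject]$result
}

# Usage (placeholder host name):
# Test-LdapsCertificate -DomainController 'dc01.example.test'
```

A result with HandshakeOk true but TrustedByHost false usually means this machine does not yet trust the Enterprise root CA or was addressed by a name the certificate does not list; PolicyErrors shows which.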


2.3 ODBC Database

2.3.1 Checklist – Decisions

The following checklist contains the key decisions to make before you start.

Database Location and Setup

A number of decisions are required for the ODBC database to be used:

The server on which the database will be located.

Will the data for the Digipass Plug-In for SBR be stored in a new database, or added to an existing database?

Will a new schema be used?

Which database account will own the tables created?

New Database

Decide the collation sequence to be used – for example, case-sensitivity.

Database User Accounts

Create or select database user accounts for:

Modifying the database schema (database administrator account required).

SBR Plug-In (see the Administrator Reference for details on the permissions required).

Administration MMC Interface (see the Administrator Reference for details on the permissions required).

2.3.2 Modify Database Structure

2.3.2.1 DPDBadmin Utility

Run the addschema command:

1. Copy dpdbadmin.exe from the Windows/Utilities directory on the installation CD or zip file onto the computer from which the database can be accessed.

2. Create an ODBC Data Source for the database on the computer, if one does not currently exist.

3. Open a command prompt in the location to which it was copied.

4. Type:

dpdbadmin addschema -u user_name -p password -d dsn

Ensure that the User ID and password used are that of the database administrator account.

2.3.2.2 Permissions

If the database user account used by the SBR Plug-In is not the owner of the tables and is not a database administrator account, it must be granted permissions for the tables, or ownership of the tables transferred.

The database user account used by the Administration MMC Interface will require the same.

Note

Ensure that it is possible for the account(s) mentioned to reference the tables by name without a schema prefix. If this cannot be done, see the Administrator Reference for advanced setup instructions.

2.3.3 PostgreSQL Database

If you will be using a PostgreSQL database other than the embedded database (i.e., selecting the Plug-In install using an ODBC-compliant database option during installation), ensure that the LF CR/LF conversion option is disabled. To do this:

1. Open the ODBC Data Source Administrator.

2. Select the data source.

3. Click on Configure...

4. Click on Datasource.

5. Click on Page 2.

6. Untick the LF CR/LF conversion checkbox.

7. Click on OK.

8. Click on Save.

9. Click on OK.

2.4 System Clock

The SBR Plug-In requires that your server’s time is set correctly in relation to GMT, and that the time zone and daylight savings indicators are set correctly.

All machines hosting components of the Digipass Plug-In for SBR, if not Domain Controllers, should be clock-synchronized with the Domain Controller(s) in the domain.

2.5 Serial Number and Maintenance ID

You must have a product Serial Number and a company Maintenance ID unless you are installing an evaluation version of the Digipass Plug-In for SBR. If these have not been issued to you, contact your VASCO Reseller.


2.6 Checklist – Active Directory

Digipass Configuration Domain has been identified.

Active Directory Schema extensions have been made.

Active Directory changes have been replicated to all required Domain Controllers.

System clock and time zone settings are accurate.

Serial Number has been obtained.

Enterprise Certificate Authority is installed, if SSL is required.

2.7 Checklist – ODBC Database

Database schema modifications have been made to a new or existing database.

Database user account(s) for SBR Plug-In and administration have been created. Required permissions have been granted to the account(s).

System clock and time zone settings are accurate.

Serial Number and Maintenance ID have been obtained.


3 Installing Digipass Plug-In for SBR

3.1 Typical Installation – Active Directory

3.1.1 Scenario & Decisions

This 'typical installation' process uses the following decisions and scenario:

Implementation Decisions

The following decisions were taken for the purposes of this installation process:

The Schema extensions have been approved.

The Digipass Configuration Domain has been identified as the existing sub-domain, test.dm3.vasco.

The member server SVR of the sub-domain test.dm3.vasco will be used to install Digipass Plug-In for SBR. This requires an Enterprise Certificate Authority to be installed in the forest, so that SSL is enabled. The instructions will take you through installing Windows Certificate Services onto a Domain Controller in the Forest Root domain.

The scenario

A Domain dm3.vasco (this is the Forest Root Domain).

A sub-domain test.dm3.vasco of dm3.vasco. The sub-domain acts as the Digipass Configuration Domain and contains all the configuration data, including Policies and Components.

A single SBR Server SVR, a member server in the Digipass Configuration Domain.

A Domain Controller DC-02 acting as the Schema Master on dm3.vasco.

Certificate Server will be installed on DC-02.

3.1.2 Extend Schema

Run the addschema command:

1. Log into the machine from which schema changes will be made (DC-02).

2. Copy dpadadmin.exe onto the machine.

3. Open a command prompt in the location to which it was copied.

4. Type:

dpadadmin addschema

5. If DPADadmin detects that Schema extensions are not currently permitted, it will prompt you whether to enable them or not. Enter y to enable them, or n to cancel.

6. Wait several minutes for the Schema extensions to replicate to the sub-domain and for the local Domain Controller to update its internal data caches.


3.1.3 Run Install

Install the standard installation components on a single machine.

1. Start the Digipass Plug-In for SBR install process on the SBR server (SVR).

If you are not using the CD Autorun interface, locate and double-click on the Digipass_PlugIn_for_SBR_220_setup.exe file.

The Digipass Plug-In for SBR splash screen will be displayed, followed by the License Agreement dialog.

2. Read the agreement carefully.

3. To accept the License Agreement, click I Agree.

If you do not accept the License Agreement, and click Cancel, the install will terminate.


The Installation Type dialog will be displayed.

4. Select Plug-In install using Active Directory and click on Next.

Note

If you are evaluating or running a test install of the Digipass Plug-In for SBR, you may wish to use the embedded PostgreSQL database provided.

The Select Components dialog will be displayed.

5. Select the components you want to install. These components are required for the running and administration of the Digipass Plug-In for SBR:

SBR Plug-In

Digipass Extension for Active Directory Users and Computers

Administration MMC Interface

6. Click Next.

The Customer Information dialog will be displayed.

7. Enter your user name and company name.

8. If you are installing an evaluation copy of the Digipass Plug-In for SBR, tick the Use an evaluation license checkbox.

If not, enter the serial number for the product in the Serial Number field.

9. If there are multiple IP addresses registered for the machine, you will be asked which IP address the Digipass Plug-In for SBR should use. Select an IP address and click on the Next button.

10. Click on the Next button.


The Active Directory Pre-Requisites dialog will be displayed.

11. If this is not the first SBR Plug-In to be installed:

a. Ensure that Active Directory has had time to replicate changes to the Schema.

b. Tick the This is not the first SBR Plug-In to be installed checkbox.

12. If you have run the addschema command, click on Next. If not, run the command (see 7.1 addschema command for instructions), wait for the Schema changes to be replicated to the sub-domain then click on Next.

The install program will check the Active Directory Schema.

The Digipass Configuration Domain dialog will be displayed.


13. Enter the fully qualified name of the Domain in which Digipass Plug-In for SBR should store its data. This domain must currently exist.

14. Click on Next.

15. If you have chosen to install the User Self Management Web Site and IIS is installed on the machine, a pop-up dialog will ask if you wish to allow the install program to create a Virtual Directory on the default IIS web site on this machine, and install the User Self Management Web Site files there. Click Yes to allow this or No to set it up manually later.

16. If you have chosen to install the OTP Request Site and IIS is installed on the machine, a pop-up dialog will ask if you wish to allow the install program to create a Virtual Directory on the default IIS web site on this machine, and install the OTP Request Site files there. Click Yes to allow this or No to set it up manually later.

The Installation Directory dialog will be displayed.

17. To install to the default location (C:\Program Files\VASCO\Digipass Plug-In for SBR if Windows is installed on the C: drive), click on Install. If you wish to install to a location other than the default, click on Browse, specify the installation location and click on Install.

The Installation Progress dialog will be displayed, showing the progress of your install.

Click Next when the install is complete.


The Activation Options dialog will be displayed.

18. Select a licensing option:

Note

If you are using an evaluation license, you still need to go through the license activation process.

Select the Go to the Activation Web page now option to immediately view the licensing page on the VASCO web site.

Check any details which were automatically filled in, fill in any extra information required, and select the method to receive the license key – either email or download.

After the Activation Web Page has been submitted, the license key file will either start downloading, or be emailed to the email address you supplied.

Save the license key file to a directory on the install machine, then go back to the installation screen. The screen will allow you to browse to the license key file for immediate loading.

Select the Save a shortcut to the desktop for later option to save a shortcut on the desktop to use at a later time.

If you already have a license file, select the Load the License Key from an existing License File option.

Browse to the file location and select the license key file.

The install program will load the license key during the installation progress.

Select Just Continue to do nothing with the license at this time.


The Restart Required dialog will be displayed.

19. Click the Yes option button to restart the machine, or No to add the license file or perform other tasks before restarting.

20. Click Finish when this process is complete.


3.2 Typical Installation – Embedded Database

3.2.1 Scenario & Decisions

This 'typical installation' process uses the following decisions and scenario:

The scenario

The embedded PostgreSQL database will be used.

A database administrator account will be created automatically, with UserID of digipass and password digipassword.

The installation will be run on the Steel-Belted RADIUS server.

A Data Source will be automatically created on the Steel-Belted RADIUS server for the new database.

3.2.2 Run Install

Install the standard installation components on a single machine.

1. Start the Digipass Plug-In for SBR install process on the SBR server (SVR).

If you are not using the CD Autorun interface, locate and double-click on the Digipass_PlugIn_for_SBR_220_setup.exe file.

The Digipass Plug-In for SBR splash screen will be displayed, followed by the License Agreement dialog.

2. Read the agreement carefully.

3. To accept the License Agreement, click I Agree.

If you do not accept the License Agreement, and click Cancel, the install will

terminate.

The Installation Type dialog will be displayed.

4. Select Plug-In install with an embedded database.

The Select Components dialog will be displayed.

5. Select the components you want to install. These components are required for the

running and administration of the Digipass Plug-In for SBR:

SBR Plug-In

Administration MMC Interface

Note

The Active Directory Users and Computers Extension option is unavailable

when the Standard ODBC installation type is selected.

Inclusion of this option when the Custom installation type is selected will cause

Active Directory to be used as the data store.

6. Click Next.

The Customer Information dialog will be displayed.

7. Enter your user name and company name.

8. If you are installing an evaluation copy of the Digipass Plug-In for SBR, tick the Use

an evaluation license checkbox.

If not, enter the serial number for the product in the Serial Number field.

9. If there are multiple IP addresses registered for the machine, you will be asked which IP

address the Digipass Plug-In for SBR should use. Select an IP address and click on

the Next button.

10. Click on the Next button.

11. If you have chosen to install the User Self Management Web Site and IIS is installed

on the machine, a pop-up dialog will ask if you wish to allow the install program to

create a Virtual Directory on the default IIS web site on this machine, and install the

User Self Management Web Site files there. Click Yes to allow this or No to set it up

manually later.

12. If you have chosen to install the OTP Request Site and IIS is installed on the

machine, a pop-up dialog will ask if you wish to allow the install program to create a

Virtual Directory on the default IIS web site on this machine, and install the OTP

Request Site files there. Click Yes to allow this or No to set it up manually later.

The Installation Directory dialog will be displayed.

13. To install to the default location (C:\Program Files\VASCO\Digipass Plug-In for SBR if

Windows is installed on the C: drive), click on Install. If you wish to install to a

location other than the default, click on Browse, specify the installation location and

click on Install.

The Installation Progress dialog will be displayed, showing the progress of your

install.

Click Next when the install is complete.

The Activation Options dialog will be displayed.

14. Select a licensing option:

Note

If you are using an evaluation license, you still need to go through the

license activation process.

Select the Go to the Activation Web page now option to immediately view the

licensing page on the VASCO web site.

Check any details which were automatically filled in, fill in any extra information

required, and select the method to receive the license key – either email or

download.

After the Activation Web Page has been submitted, the license key file will either

start downloading, or be emailed to the email address you supplied.

Save the license key file to a directory on the install machine, then go back to

the installation screen. The screen will allow you to browse to the license key file

for immediate loading.

Select the Save a shortcut to the desktop for later option to save a shortcut

on the desktop to use at a later time.

If you already have a license file, select the Load the License Key from an

existing License File option.

Browse to the file location and select the license key file.

The install program will load the license key during the installation progress.

Select Just Continue to do nothing with the license at this time.

The Restart Required dialog will be displayed.

15. Click the Yes option button to restart the machine, or No to add the license file or

perform other tasks before restarting.

16. Click Finish when this process is complete.

3.3 Typical Installation – ODBC Database

3.3.1 Scenario & Decisions

This 'typical installation' process uses the following decisions and scenario:

The scenario

A new database has been created.

A new database administrator account has been created and named DBAdmin. This

account will own all tables and will be used:

in running the addschema command

by the SBR Plug-In

for administration

The installation will be run on the Steel-Belted RADIUS server.

A Data Source has been created on the Steel-Belted RADIUS server for the new

database. The Data Source Name has been set to DBA.

3.3.2 Extend Schema

Run the addschema command:

1. Copy dpdbadmin.exe from the Windows/Utilities directory on the installation CD or

zip file onto the Steel-Belted RADIUS server.

2. Create an ODBC Data Source for the database on the computer, if one does not

currently exist.

3. Open a command prompt in the location to which the executable was copied.

4. Type:

dpdbadmin addschema -u DBAdmin -p -d DBA

Ensure that the User ID and password used are that of the database administrator

account.

3.3.3 Run Install

Install the standard installation components on a single machine.

1. Start the Digipass Plug-In for SBR install process on the SBR server (SVR).

If you are not using the CD Autorun interface, locate and double-click on the

Digipass_PlugIn_for_SBR_220_setup.exe file.

The Digipass Plug-In for SBR splash screen will be displayed, followed by the License

Agreement dialog.

2. Read the agreement carefully.

3. To accept the License Agreement, click I Agree.

If you do not accept the License Agreement, and click Cancel, the install will

terminate.

The Installation Type dialog will be displayed.

4. Select Plug-In install using an ODBC-compliant database.

Note

If you are evaluating or running a test install of the Digipass Plug-In for SBR, you may

wish to use the embedded PostgreSQL database provided instead.

The Select Components dialog will be displayed.

5. Select the components you want to install. These components are required for the

running and administration of the Digipass Plug-In for SBR where an ODBC database

(including Access) is used as the data store:

SBR Plug-In

Administration MMC Interface

Note

The Active Directory Users and Computers Extension option is unavailable

when the Standard ODBC installation type is selected.

Inclusion of this option when the Custom installation type is selected will cause

Active Directory to be used as the data store.

6. Click Next.

The Customer Information dialog will be displayed.

7. Enter your user name and company name.

8. If you are installing an evaluation copy of the Digipass Plug-In for SBR, tick the Use

an evaluation license checkbox.

If not, enter the serial number for the product in the Serial Number field.

9. If there are multiple IP addresses registered for the machine, you will be asked which IP

address the Digipass Plug-In for SBR should use. Select an IP address and click on

the Next button.

10. Click on the Next button.

The ODBC Pre-Requisites dialog will be displayed.

11. If this is not the first SBR Plug-In to be installed, tick the This is not the first SBR

Plug-In to be installed checkbox.

12. If you have run the addschema command, click on Next.

If not, run the command (see 7.1 addschema command for instructions), then click

on Next.

The ODBC Connection Details window will be displayed.

13. Enter the Data Source Name for the database and, if required, a Username and

password to use in connecting to it.

The install program will check the database schema.

14. If you have chosen to install the User Self Management Web Site and IIS is installed

on the machine, a pop-up dialog will ask if you wish to allow the install program to

create a Virtual Directory on the default IIS web site on this machine, and install the

User Self Management Web Site files there. Click Yes to allow this or No to set it up

manually later.

15. If you have chosen to install the OTP Request Site and IIS is installed on the

machine, a pop-up dialog will ask if you wish to allow the install program to create a

Virtual Directory on the default IIS web site on this machine, and install the OTP

Request Site files there. Click Yes to allow this or No to set it up manually later.

The Installation Directory dialog will be displayed.

16. To install to the default location (C:\Program Files\VASCO\Digipass Plug-In for SBR if

Windows is installed on the C: drive), click on Install. If you wish to install to a

location other than the default, click on Browse, specify the installation location and

click on Install.

The Installation Progress dialog will be displayed, showing the progress of your

install.

Click Next when the install is complete.

The Activation Options dialog will be displayed.

17. Select a licensing option:

Note

If you are using an evaluation license, you still need to go through the

license activation process.

Select the Go to the Activation Web page now option to immediately view the

licensing page on the VASCO web site.

Check any details which were automatically filled in, fill in any extra information

required, and select the method to receive the license key – either email or

download.

After the Activation Web Page has been submitted, the license key file will either

start downloading, or be emailed to the email address you supplied.

Save the license key file to a directory on the install machine, then go back to

the installation screen. The screen will allow you to browse to the license key file

for immediate loading.

Select the Save a shortcut to the desktop for later option to save a shortcut

on the desktop to use at a later time.

If you already have a license file, select the Load the License Key from an

existing License File option.

Browse to the file location and select the license key file.

The install program will load the license key during the installation progress.

Select Just Continue to do nothing with the license at this time.

The Restart Required dialog will be displayed.

18. Click the Yes option button to restart the machine, or No to add the license file or

perform other tasks before restarting.

19. Click Finish when this process is complete.

3.4 Multiple Product Installation

If another VASCO product is already installed on the machine, the installation process will run

in Add Components mode, as most data and many components are shared between products.

Typically, you will only need to add the SBR Plug-In component, but others may be added if

not already installed. See the 4 Add Components to Installation section for instructions

after reading the information below.

These changes will affect your existing installation:

Data Store Selection

You will not be given a choice of data store. All Digipass-related data will be stored in the

same data store as used by the currently-installed VASCO product.

Start Menu Changes

Installing more than one VASCO product on a machine will cause VASCO Start menu options to

be re-arranged, as components may be shared between products. Links to components and

documentation specific to the product will be located under VASCO -> (eg.

VASCO -> Digipass Plug-In for SBR). Links to shared components will be located in

VASCO -> Common Components.

Automatic Component Upgrade

If the second product has a later version of any of the shared components, these components

will be upgraded as part of the installation.

Shared Components not Removed during Uninstall

When uninstalling one of the products on a machine that has more than one, the uninstaller

will only remove the specific plug-in component - it will leave all the shared components. They

will only be removed when you uninstall the last product.

Important Note

If the second product had later versions of any components, ensure that you

uninstall the second product last if you want to uninstall both products. The

uninstaller for the original product may not possess all the necessary

information to completely remove newer components.

Repairing Components

When two products are installed on the same machine and a repair is attempted, the

installation program will only be able to repair the components that are specific to it or are

shared. For example, the Digipass Plug-In for IAS installation program will not repair the SBR

Plug-In.

If the other product has a later version of one of the shared components, it will not be

repaired. In that case, the other product's installer is needed to repair that shared component.

In general, use the latest versioned product to repair shared components.

3.5 Upgrading from Digipass Plug-In for Funk 2.0 or 2.1

If the Digipass Plug-In for Funk 2.0 or 2.1 is currently installed, it may be upgraded to version

2.2 by following these steps:

1. Ensure that your company has an upgraded license for version 2.2.

2. Get and load an updated license file (see 3.6.1.2 Obtain License Key File and

3.6.1.3 Load License Key for instructions).

3. Check that the Administration MMC Interface and the SBR Administrator programs are

not running.

4. Start the Digipass Plug-In for SBR install process on the SBR server (SVR).

If you are not using the CD Autorun interface, locate and double-click on the

Digipass_PlugIn_for_SBR_220_setup.exe file.

A window will be displayed, asking if you want to upgrade the installation.

5. Click on Yes.

The Digipass Plug-In for SBR installation will be updated to the production version.

6. Reboot if required.

7. If you were using RADIUS Profiles in the Digipass User accounts in Digipass Plug-In for

Funk 2.0 or 2.1, run the upgradeprofiles command to convert the old RADIUS Profiles

information to the new User Attributes format. See 7.2 upgradeprofiles command

(Active Directory) or 8.2 upgradeprofiles command (ODBC database) for more

information.

Note

The data store used for the Digipass Plug-In for SBR may not be changed

during an upgrade. If an ODBC database is to be used as the data store,

version 2.0 or 2.1 of the Digipass Plug-In for Funk must be uninstalled from a

machine before version 2.2 may be installed.

If the Digipass Plug-In for IAS is installed on a machine, an ODBC database

may not be used as the data store for the Digipass Plug-In for SBR.

3.6 Post-Installation Tasks

3.6.1 Licensing

Each SBR Plug-In will require a license key to be loaded into its Component record – even if

you are using an evaluation license. If this is not completed during the install process, it will

need to be done before the SBR Plug-In can be used.

3.6.1.1 Evaluation Serial Number

If you do not obtain a license key file during installation of the SBR Plug-In, but wish to use an

evaluation license, you will need to use this serial number on the VASCO licensing site:

213DFFBDA5.

3.6.1.2 Obtain License Key File

Note

An active internet connection is required to obtain a License Key.

1. Open the Administration MMC Interface.

2. Click on the Components node.

The Component List will be displayed in the Result pane.

3. Double-click on the required Component record.

The Component property sheet will be displayed.

4. Click on the License Key Details... button.

The License Key Details window will be displayed.

5. Click on the Request License Key... button.

A browser window will be opened, with the VASCO Licensing site loaded. Any

required information which the SBR Plug-In has will be entered as the site is loaded.

6. Enter any other required information in the browser window.

7. Click on the Request License Key button in the browser window.

A download of your license key file should begin. Keep note of where you save the

file, and its name.

3.6.1.3 Load License Key

1. Open the Administration MMC Interface.

2. Click on the Components node.

The Component List will be displayed in the Result pane.

3. Double-click on the required Component record.

The Component property sheet will be displayed.

4. Click on the License Key Details... button.

The License Key Details window will be displayed.

5. Click on the Load License Key... button.

6. Browse to the download location and select the license key file.

7. Click on Open.

A message window will display the success or failure of loading the license key into

the data store.

3.6.2 Encryption Settings

If you will be using a custom encryption key for sensitive data, this should be set before

Digipass are imported to the 'live' version of the Digipass Plug-In for SBR. See the Sensitive

Data Encryption topic in the Administrator Reference for more information.

3.6.3 Backup Strategy

Consider putting a backup strategy in place for the files that require backing up. For more

information, see the Administrator Reference.

3.6.4 Active Directory Tasks

3.6.4.1 Additional Setup Steps for Multiple Domains

When using the SBR Plug-In in multiple domains, extra steps must be followed to ensure that

the SBR Plug-In has permissions sufficient to access required data in other domains. See the

Set Up Active Directory Permissions section of the Administrator Reference. The Multiple

Domains topic in this section contains instructions for cross-domain scenarios, and can be

used as follows:

If the SBR Plug-In you have just installed is not in the Digipass Configuration Domain, follow

the instructions in Scenario 1.

If the SBR Plug-In you have just installed will be used to authenticate Users in domains other

than its own, follow the instructions in Scenario 2.

3.6.4.2 Set up Active Directory SSL

If you need to set up SSL at this point, see 2.2.3 SSL Setup for instructions.

3.6.4.3 Active Directory Replication

Active Directory replication issues can cause problems in some installations of the Digipass

Plug-In for SBR. See the Active Directory Replication Issues topic in the Administrator

Reference.

3.6.4.4 Active Directory Auditing

Consider whether to include custom object classes and permission property sets in Active

Directory's auditing. See the Active Directory Auditing topic in the Administrator Reference

for more information.

3.6.5 ODBC Tasks

3.6.5.1 Configure User ID and Domain Handling

The SBR Plug-In has options to configure how User IDs and domain names are handled. It is

important that these are set up before data is added to the database.

Note

SBR has limited support for extended (non-English) characters in User IDs. The

SBR Plug-In must work within these limitations.

Case-sensitivity

The SBR Plug-In may be configured to save and retrieve User IDs and domain names in lower

case, upper case or with no conversion – data is saved or searched on exactly as entered. The

configuration required will depend on your company's requirements and the capabilities of the

database used as the data store. See the Encoding and Case-Sensitivity topic in the

Administrator Reference for more information.

Case-sensitivity configuration must be completed before User accounts and domain records are

added to the database. However, the Master domain (named 'master') is created during

installation, and is in lower case. This will not cause any problems if the SBR Plug-In is

configured not to convert case, or to convert to lower case. If the SBR Plug-In will be

configured to convert User IDs and domains to upper case, first follow these steps:

1. Open the Administration MMC Interface and create a new domain. This new domain

must have its name entirely in upper case (eg. MASTER).

2. Open the SBR Plug-In Configuration GUI and set the new domain as the Master

domain. Close the Configuration GUI.

3. Delete the original 'master' domain.

Windows name resolution

Enable Windows Name Resolution to allow the SBR Plug-In to use Windows functionality to

resolve a UserID – as entered during a login – into a User ID and Domain. This is highly

recommended if Dynamic User Registration will be enabled.

3.6.5.2 Permissions for Group Check

A list of Windows groups can be specified in the configuration GUI of the SBR Plug-In. The

SBR Plug-In will only authenticate a User’s login if the User belongs to one of these specified

groups.

Add LocalSystem (“SYSTEM”) to either Administrators or the Account Operators Windows

group on the SBR server to allow the SBR Plug-In to run a group check:

1. Go to the desktop and right-click on My Computer.

2. Click on Manage.

3. Expand the Local Users and Groups node.

4. Click on Groups.

5. Right-click on Administrators or Account Operators.

6. Click on Add to Group...

7. Click on Add...

8. Click on Locations...

9. Select the local machine and click on OK.

10. Enter SYSTEM in the object name memo.

11. Click on OK.

A new entry will be added to the Members list.

3.6.5.3 Configure Connection Parameters

You may wish to increase the number of connections attempted to the database if:

The load on the database will be high, and

Changes to the connection settings will be efficient with the database and database

driver in question.

Setting an idle timeout will allow connections which are no longer required to be closed as

soon as possible, which may lower the load on the database server. See the Administrator

Reference for more information.

3.6.5.4 Additional Databases

If additional databases are required for backup, failover or load-balancing purposes, configure

the SBR Plug-In to use them now. See the Additional ODBC Databases topic in the Product

Guide and the Database Connection Handling topic in the Administrator Reference for more

information.

3.6.5.5 Additional Setup Steps for Multiple SBR Plug-Ins

If more than one SBR Plug-In is installed on the system, some additional setup may be

required. See the Multiple SBR Plug-Ins topic in the Product Guide for more information.

3.6.6 Configure Steel-Belted RADIUS to Use SBR Plug-In

Steel-Belted RADIUS must be configured to use the SBR Plug-In:

1. Open the SBR Administrator.

2. Click on Authentication Policies.

3. Select Digipass Authentication.

4. Use the arrow buttons to move Digipass Authentication to the top of the list box.

5. Tick the Active checkbox for Digipass Authentication.

6. Untick all other Authentication Methods.

7. Click on Apply.

4 Add Components to Installation

To add components to the installation:

1. Start the Digipass Plug-In for SBR install process.

If you are not using the CD Autorun interface, locate and double-click on the

Digipass_PlugIn_for_SBR_220_setup.exe file.

The Digipass Plug-In for SBR splash screen will be displayed, followed by the

Maintenance Options dialog.

2. Select the Add Components option button and click on Next.

The Select Components dialog will be displayed.

3. Select the components you want to add to the installation and click on Next.

The Installation Progress dialog will be displayed, showing the progress of your

install.

When completed, the Activation Options dialog will be displayed, prompting you to

select a method of obtaining a license file.

When the installation is complete, the Restart Required dialog will be displayed.

4. Click the Yes option button to restart the machine, or No to perform other tasks

before restarting.

5. Click Close when this process is complete.

5 Repair Installation

The installation of the Digipass Plug-In for SBR may need to be repaired if files have been

corrupted, deleted or lost.

1. Start the Digipass Plug-In for SBR install process.

If you are not using the CD Autorun interface, locate and double-click on the

Digipass_PlugIn_for_SBR_220_setup.exe file.

The Digipass Plug-In for SBR splash screen will be displayed, followed by the

Maintenance Options dialog.

2. Select the Repair Installation option button and click on Next.

A confirmation window will be displayed.

3. Click on Yes.

4. After installation, the system must be restarted.

A screen will be displayed, asking whether you want to restart the machine now or

later.

Select the Yes, restart the machine now radio button (selected by default).

Click on the Finish button.

6 Uninstall Digipass Plug-In for SBR

6.1 Manual Uninstall

See the Administrator Reference for a list of files installed for the Digipass Plug-In for SBR.

6.2 Active Directory

Additional data removal

Digipass-specific information is not removed from Active Directory when the Digipass Plug-In

for SBR is uninstalled from a computer. A custom VB script is available which will strip all

information related to the SBR Plug-In from a domain. See the Administrator Reference for

further information and instructions.

6.3 ODBC Database

Remove Schema Modifications

The dropschema command in the DPDBadmin command line utility can be used to remove all

schema modifications from the database, deleting all data relating to the SBR Plug-In.

7 DPADadmin Utility

7.1 addschema command

The addschema command is used to create all the Active Directory Schema extensions, if

they are not already there. Each element will be checked individually to see if it is already

there and if not, will be added.

This command is intended to be run manually by a domain administrator before the main

Digipass Plug-In for SBR installation is run, as recommended by Microsoft.

It may be necessary to go through an approval process in your company before running this

command, as it involves changes to Active Directory Schema. You may also need to have

another administrator run the command for you, possibly in another part of your network. This

depends on your company’s structure and rules for Active Directory control.

Prerequisite Information

Schema Master Machine

This command may technically be run on any Windows 2000, XP or 2003 machine; however, it

needs to contact the Domain Controller which has the Schema Master role. There can be only

one Domain Controller in the Forest with that role. It may be simplest to run the command

directly on the Schema Master, to avoid any potential connectivity or permission issues.

Warning

If you are passing the credentials to the command in the

parameters, and you are not running the command on the Schema Master,

check that you do not have any shares on the Schema Master open. This will

cause the command to fail.

Domain Administrator Account

In order to successfully update the Schema, you must know the username and password of a

Domain Administrator account that is able to log into the Schema Master. You must either run

the command while logged in as that user, or pass the credentials to the command in the

parameters. The Domain Administrator must have permission to extend the Schema – they

must be a member of the Schema Admins group in the Forest-Root-Domain (the first Domain

created in the Forest).

Schema Changes Allowed

By default, Active Directory does not permit Schema extensions to be made. There is a registry

setting that must be changed to allow extensions. If this is not already set, DPADadmin will

ask you whether it should change the setting itself or not. If you click on Yes, it will change

the setting itself, make the extensions then change it back again.

If you would prefer to change the setting manually, log into the Schema Master and change

the value of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\

Parameters\Schema Update Allowed registry key to 1, adding it as a value of type

DWORD if it does not already exist. Alternatively, if the Schema Manager MMC snap-in is

installed on the machine, this can be used to enable or disable Schema extensions.

If you have disabled the Schema extensions after removing a previous installation in the

Forest, reactivate them before using this command. This can be done using the Schema

Manager MMC snap-in used to deactivate them.
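
The manual registry change described above can be scripted so that the previous state of the setting is recorded and restored once the schema extension has run. This PowerShell example is added here and is not part of the VASCO guide or of DPADadmin; the function names are hypothetical, and it assumes an elevated PowerShell session on the Schema Master.

```powershell
# Added example (not VASCO code). Function names are hypothetical.
# Assumes an elevated PowerShell session on the Schema Master.

$NtdsParams = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters'
$ValueName  = 'Schema Update Allowed'

function Get-SchemaUpdateAllowed {
    # Returns the DWORD data, or $null when the value does not exist
    # (the guide states that extensions are not permitted by default).
    if (-not (Test-Path -LiteralPath $NtdsParams)) {
        throw "Key $NtdsParams not found; run this on the Schema Master."
    }
    $item = Get-ItemProperty -LiteralPath $NtdsParams -Name $ValueName `
        -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-SchemaUpdateAllowed {
    param([Parameter(Mandatory = $true)][int]$Data)
    # -Force creates the DWORD if it is absent and overwrites it if present.
    New-ItemProperty -LiteralPath $NtdsParams -Name $ValueName `
        -PropertyType DWord -Value $Data -Force | Out-Null
}

function Restore-SchemaUpdateAllowed {
    param($Previous)
    if ($null -eq $Previous) {
        # The value did not exist before, so remove it again.
        Remove-ItemProperty -LiteralPath $NtdsParams -Name $ValueName `
            -ErrorAction SilentlyContinue
    } else {
        Set-SchemaUpdateAllowed -Data $Previous
    }
}

function Invoke-WithSchemaUpdateAllowed {
    param([Parameter(Mandatory = $true)][scriptblock]$Action)

    $previous = Get-SchemaUpdateAllowed
    if ($previous -eq 1) {
        Write-Warning "'$ValueName' was already 1 before this run; it is left at 1."
    }
    try {
        if ($previous -ne 1) { Set-SchemaUpdateAllowed -Data 1 }
        & $Action
    }
    finally {
        # Runs even when the action fails, so the setting is not left enabled.
        if ($previous -ne 1) { Restore-SchemaUpdateAllowed -Previous $previous }
        $now = Get-SchemaUpdateAllowed
        if ($null -eq $now) { $now = '(value absent)' }
        Write-Host "'$ValueName' is now: $now"
    }
}

# Usage, from the directory that dpadadmin.exe was copied to:
# Invoke-WithSchemaUpdateAllowed { & .\dpadadmin.exe addschema }
```

Running `Get-SchemaUpdateAllowed` on its own gives a quick audit of whether schema updates have been left enabled on the Schema Master.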

Extend the Schema on the Schema Master

1. Log into the Schema Master as a member of the Schema Administrators group.

2. Copy dpadadmin.exe onto the Schema Master.

3. Open a command prompt in the location to which it was copied.

4. Type:

dpadadmin addschema

5. If DPADadmin detects that Schema extensions are not currently permitted, it will

prompt you whether to enable them or not. Enter y to enable them, or n to cancel.

The progress and success/failure of the command will be displayed in the command prompt

window. If there was a failure, it can be run again after the problem has been rectified.

Extend the Schema on the SBR Server

1. Open a command prompt and navigate to the installation’s bin directory by typing:

cd \bin

2. Type:

dpadadmin addschema -master schema_master -u user_name -p password

3. See 7.1 Command Line Syntax for more details regarding the required parameters.

4. If DPADadmin detects that Schema extensions are not allowed, it will prompt you to

enable them. Enter y to enable them, or n to cancel.

The progress and success/failure of the command will be displayed in the command prompt

window. If there was a failure, it can be run again after the problem has been rectified.

Command Line Syntax

dpadadmin addschema [-master schema_master] [-u user_name [-p password]] [-q]

Option     Description

-master    Fully qualified name of the Domain Controller with the Schema Master role. This option may be omitted if the command is run directly on the Schema Master.

-u         User name of a Domain Administrator in the Schema Administrators group. This option may be omitted if you are logged into the machine as that Domain Administrator when you run the command.

-p         Password of the Domain Administrator. This option may be omitted if you are logged in as that Domain Administrator or if they have a blank password.

-q         Quiet mode, will not output commentary text.

Table 1: DPADadmin addschema Command Line Options

DPADadmin addschema Command Sample

dpadadmin addschema –master dc1.vasco.com –u schema_admin –p sa_password


7.2 upgradeprofiles command

The upgradeprofiles command is used to upgrade RADIUS profile information from the format used in Digipass Plug-In for Funk 2.0 and 2.1, to the User Attributes format used in 2.2. It must be run in each domain where User accounts with RADIUS Profile information are located.

Prerequisite Information

Attribute Group

You may have a custom Attribute Group name set in the configuration of the new . If so, you

will need to have the exact name available. Check the Configuration (SBR Settings tab) if you

are unsure.

Domain Administrator

You must run the command as an administrator in that domain with sufficient administration

rights to:

Read User information

Read and write to the vasco-Profile attribute

Upgrade Profile Information

1. Open a command prompt and navigate to the installation’s bin directory by typing:

cd \bin

2. Type:

dpadadmin upgradeprofiles -domain

The progress and success/failure of the command will be displayed in the command prompt window.

Command Line Syntax

dpadadmin upgradeprofiles [-attrgroup ] [-domain ] [-q] [-l] [-v]

Table 2: DPADadmin upgradeprofiles Command Line Options

Option      Description

-attrgroup  OPTIONAL. Specifies the name of the Attribute Group to which the RADIUS Profile should be added. If this is not specified, the default RADIUS will be used.

-domain     OPTIONAL. Specifies the FQDN of the domain to set up. If omitted, the Digipass Configuration Domain will be used.

-q          Quiet mode, will not output commentary text.

-l          Record messages to a log file.

-v          Use verbose logging output.

DPADadmin upgradeprofiles Command Sample

dpadadmin upgradeprofiles -attrgroup RADIUS -domain test.vasco.com


8 DPDBadmin Utility

8.1 addschema command

The addschema command is used to create all required tables in an existing database, if they are not already there. The utility will check each table to see if it is already there and if not, will add the required table.

This command is intended to be run manually by an administrator before the main Digipass Plug-In for SBR installation is run.

8.1.1.1 Prerequisite Information

Database Administrator Account

In order to successfully modify the database schema, you will need the username and password of a database administrator account that is able to make changes to the database schema. You must pass these credentials to the command in the parameters.

ODBC Data Source Name

You will need the Data Source Name that can be used to connect to the database. If one does not exist, create it before continuing.

8.1.1.2 Extend the Schema on the SBR Server

1. Open a command prompt and navigate to the installation’s bin directory by typing:

cd \bin

2. Type:

dpdbadmin addschema -u user_name -p password -d dsn

3. See 8.1.1.3 Command Line Syntax for more details regarding the required parameters.

The progress and success/failure of the command will be displayed in the command prompt window. If there was a failure, it can be run again after the problem has been rectified.

Ensure that the database user account(s) to be used by the SBR Plug-In and for administration have the required permissions to access, modify, create and delete rows in the tables just created. See 2.3.2.2 Permissions for more information.

8.1.1.3 Command Line Syntax

dpdbadmin addschema -u user_name [-p password] -d dsn [-nouser] [-domain domain_name] [-vdsuser alternatename] [-vdsdomain alternatename] [-vdscontrol alternatename] [-vdsdigipass alternatename] [-vdsdpapplication alternatename] [-vdspolicy] [-vdsbackend alternatename] [-vdscomponent alternatename] [-vdsorgunit alternatename] [-utf8factor] [-q]


Option              Description

-u                  User name of a database administrator.

-p                  Password of the database administrator. This option may be omitted if they have a blank password.

-d                  Database Name (DSN)

-nouser             Do not create Digipass User table. This option is not currently supported.

-domain             Specify the name of the master domain to be created.

-vdsuser            Alternative name for the Digipass User table

-vdsdomain          Alternative name for the Domain table

-vdscontrol         Alternative name for the Controller table

-vdsdigipass        Alternative name for the Digipass table

-vdsdpapplication   Alternative name for the Digipass Application table

-vdspolicy          Alternative name for the Policy table

-vdsbackend         Alternative name for the Back-end Server table

-vdscomponent       Alternative name for the Component table

-vdsorgunit         Alternative name for the Organizational Unit table

-utf8factor         On certain databases (such as Oracle and DB2), column sizes are specified in bytes, not characters, by default. When UTF-8 encoding is used to store data, for full Unicode support, one character may be represented as more than one byte. Normally 2 or 3 bytes are used, depending on the language, but some characters require 4. If your data will include a lot of non-English characters, you can increase the size of certain columns by a factor to allow for the extra bytes. The value of the parameter should be 2, 3 or 4. Typically, 3 is sufficient. The columns affected by this are the User Name (not User ID) and various Description fields. On other databases, column sizes are specified in characters, and this parameter is not needed.

-q                  Quiet mode, will not output commentary text.

Table 3: DPDBadmin addschema Command Line Options

DPDBadmin addschema Command Sample

dpdbadmin addschema -u db_admin -p dba_password -d db_users

8.2 upgradeprofiles command

The upgradeprofiles command is used to upgrade RADIUS profile information from the format used in Digipass Plug-In for Funk 2.0 and 2.1, to the User Attributes format used in 2.2.

Prerequisites

These conditions must be met before this command can be run successfully:

Must be run on the machine on which the is installed.

The configuration file () must be in the default location (\Bin)

Attribute Group

You may have a custom Attribute Group name set in the Configuration. If so, you will need to have the exact name available. Check the Configuration (SBR Settings tab) if you are unsure.

Upgrade Profile Information

1. Open a command prompt and navigate to the installation’s bin directory by typing:

cd \bin

2. Type:

dpdbadmin upgradeprofiles

The progress and success/failure of the command will be displayed in the command prompt window.

Command Line Syntax

dpdbadmin upgradeprofiles [-attrgroup ] [-q] [-l] [-v]

Table 4: DPDBadmin upgradeprofiles Command Line Options

Option      Description

-attrgroup  OPTIONAL. Specifies the name of the Attribute Group to which the RADIUS Profile should be added. If this is not specified, the default RADIUS will be used.

-q          Quiet mode, will not output commentary text.

-l          Record messages to a log file.

-v          Use verbose logging output.

DPDBadmin upgradeprofiles Command Sample

dpdbadmin upgradeprofiles -attrgroup RADIUS -l c:\temp\upgrade.log
