3.5. LinOTP on Univention Corporate Server UCS¶
LinOTP can also run on the Univention Corporate Server (UCS) 3.1 and 3.2.
LinOTP can be installed directly from the Univention App Center.
Thus in this scenario LinOTP is called an App
.
Note
LinOTP can run on a member server or on a domain controller. We recommend that you run LinOTP on a dedicated member server.
Note
The LinOTP App also installs a MySQL server for the token database and a FreeRADIUS server.
3.5.1. App Center¶
Note
We assume that you already have installed a Univention Corporate Server and set up a domain.
To install LinOTP go to the App Center on your Univention Corporate Server.
In the App Center you can select LinOTP or first filter by the tag Security
.
Select the LinOTP App and you get a dialog with detailed information on LinOTP on the Univention Corporate Server.
Click install
to start the installation process. You need to accept a license agreement and you get a list of
all packages that will be installed before the installation starts.
The installation is performed without any interaction. So you do not need to answer any question or make any decisions. After a few minutes the LinOTP packages are installed and you need to restart the Univention Management Console.
3.5.2. Join Scripts¶
LinOTP will be automatically configured for you according to the univention domain. A service account will be created in the LDAP, LinOTP will be configured in such a way, that all domain users will be available in LinOTP and all Domain Administrators will be allowed to login to the LinOTP Management WebUI. Moreover the FreeRADIUS server will be configured that all clients on the subnet can issue RADIUS requests.
You need to run the domain join scripts therefor.
After re-login to the Univention Management Console you can run the pending domain join script.
After the join script has finished LinOTP is ready to be used.
You can find links to the LinOTP Management WebUI and the Selfservice Portal on the UCS overview page.