3.5. LinOTP on Univention Corporate Server UCS

LinOTP can also run on the Univention Corporate Server (UCS) 3.1 and 3.2.

LinOTP can be installed directly from the Univention App Center. Thus in this scenario LinOTP is called an App.

Note

LinOTP can run on a member server or on a domain controller. We recommend that you run LinOTP on a dedicated member server.

Note

The LinOTP App also installs a MySQL server for the token database and a FreeRADIUS server.

3.5.1. App Center

Note

We assume that you already have installed a Univention Corporate Server and set up a domain.

To install LinOTP go to the App Center on your Univention Corporate Server.

../../_images/appcenter.png

The App Center in the Univention Corporate Server

In the App Center you can select LinOTP or first filter by the tag Security.

../../_images/appcenter-security.png

The Apps in the App Center filtered by the tag Security

Select the LinOTP App and you get a dialog with detailed information on LinOTP on the Univention Corporate Server.

../../_images/appcenter-install.png

Detailed information about the LinOTP App

Click install to start the installation process. You need to accept a license agreement and you get a list of all packages that will be installed before the installation starts.

The installation is performed without any interaction. So you do not need to answer any question or make any decisions. After a few minutes the LinOTP packages are installed and you need to restart the Univention Management Console.

3.5.2. Join Scripts

LinOTP will be automatically configured for you according to the univention domain. A service account will be created in the LDAP, LinOTP will be configured in such a way, that all domain users will be available in LinOTP and all Domain Administrators will be allowed to login to the LinOTP Management WebUI. Moreover the FreeRADIUS server will be configured that all clients on the subnet can issue RADIUS requests.

You need to run the domain join scripts therefor.

After re-login to the Univention Management Console you can run the pending domain join script.

../../_images/domain-join-scripts-1.png

After the log in to Univention Management Console you are notified about pending join scripts.

../../_images/domain-join-scripts-2.png

The LinOTP join script needs to be started.

After the join script has finished LinOTP is ready to be used.

You can find links to the LinOTP Management WebUI and the Selfservice Portal on the UCS overview page.