Installing the Access Manager Agent on Linux
PreviousInstalling the Access Manager Agent on WindowsNextInstalling the Access Manager Agent on macOS
Last updated
Was this helpful?
Last updated
Was this helpful?
The Access Manager Agent makes use of the chpasswd tool, built into most Linux distributions. Ensure this tool is available before installing the agent.
The agent must be able to validate the AMS server certificate. If you are using a private CA, or a self-signed certificate, consult the guide relevant to your OS for how to add the certificate to the OS trust store. You can use OpenSSL to validate the trust state of the certificate using the openssl verify cert.crt command.
The agent itself runs using systemd, and as it requires access to reset the root password, must be run as the root user.
The agent is build using Microsoft .NET 8.0. Ensure the distribution you are using is supported See the for more information.
If you are installing the agent for the first time, simply run:
If you are upgrading the agent from version 2, ensure you include the --allowerasing argument to ensure the installation process can remove the old agent and migrate configuration:
If you are installing the agent for the first time, simply run:
If you are upgrading the agent from version 2, ensure you include the --allowerasing argument to ensure the installation process can remove the old agent and migrate configuration:
Use the appropriate package management tool to install the agent
If you are installing the agent for the first time, simply run:
If you are upgrading the agent from version 2, ensure you include the --autoremove argument to ensure the installation process can remove the old agent and migrate configuration:
If you are installing the agent for the first time, simply run:
If you are upgrading the agent from version 2, ensure you include the --autoremove argument to ensure the installation process can remove the old agent and migrate configuration:
Use the appropriate package management tool to install the agent
Extract the archive to the root file system, allowing the files to be placed in their correct location. See the File location section below for more information on what files get unpacked and where.
Run the following command to register the service with systemd
Continue to the Configuring the agent section below.
Once the package is installed, it must be configured to talk to your AMS server. You can run the following command to perform an interactive installation.
If your device is joined to an Active Directory domain, you can use Windows authentication (kerberos) to authenticate to the AMS server. Otherwise, you will need to create a registration key on the AMS server and use that instead.
To perform a non-interactive installation, use the following command, replacing the server name, and registration key as appropriate. You can generate new registration keys using the AMS configuration tool.
Install the agent using a registration key
Install the agent using Windows authentication (kerberos)
Check the log using the instructions in the Viewing the log files section below to ensure the agent registered correctly.
On the Access Manager server, go to the Access Manager Agent/Devices page, and ensure that the devices you installed the agent on have appeared in the device list. If you configured your registration key to require manual approval, you must approve the devices before they can be accessed.
The Lithnet Access Manager Agent runs as a daemon using systemd. You can use standard systemd commands to start, stop and restart the agent.
The agent logs are viewed using journalctl.
To show all events in the log use the following command
To show a live stream of log messages use the following command
The agent creates and uses the following files and folders.
/etc/LithnetAccessManagerAgent.conf - The main configuration file for the application. This contains the AMS server name and other settings relevant to the application.
/var/lib/LithnetAccessManagerAgent/LithnetAccessManagerAgent.state - This contains information used by the agent to store its current state information. This file should not be modified. It is generated by the app when it is run, and is not part of the installation package.
/opt/LithnetAccessManagerAgent - This directory contains the application binary files.
/etc/systemd/system/LithnetAccessManagerAgent.service - The systemd entry for the agent
While you do not need to install the .NET package itself, as the agent contains all the .NET components it needs to run, there are certain dependencies required by .NET, that if are not present, will prevent the agent from running. If you run into this issue, you may wish to install the .NET 8.0 package to automatically obtain the dependencies, or that .NET requires, and install these yourself.
If the hostname provided does not match exactly the External host name value configured on the , the agent will fail to connect to the server