RCDevs Virtual Appliance Startup Guide
The RCDevs VMware Appliance is a streamlined Rocky Linux (64-bit) installation, preconfigured with RCDevs software packages installed via RCDevs RPM repositories. The appliance includes the following components:
- WebADM Server (located in /opt/webadm/).
- WebADM Web Services: OpenOTP, SMSHub, OpenSSO, SpanKey (located in /opt/webadm/websrvs/).
- WebADM Web Applications: SelfDesk, SelfReg, PwReset, OpenID (located in /opt/webadm/webapps/).
- Radius Bridge (located in /opt/radiusd/).
- RCDevs Directory Server (OpenLDAP, located in /opt/slapd/).
- MariaDB Database Server (MariaDB).
- Postfix Local Mail Transfer Agent.
This configuration provides a ready-to-use environment for deploying RCDevs solutions.
In this documentation, we use the RCDevs Directory Server to set up WebADM. Other LDAP infrastructures are also supported.
Download, import and start the appliance
Visit the RCDevs Website to download the Appliance ZIP archive, available in both VMX and OVF formats. The appliance is compatible with VMware ESX, ESXi, Workstation, and Oracle VirtualBox.
After downloading, unzip the archive.
In VMware, select Import Appliance and choose either the VMX or OVF file.
Important: Do not copy and run the appliance directly without importing it, as this will cause the Appliance to fail during the boot process with a read-only filesystem error.
If needed, you can adjust the CPU and memory settings of your Appliance. By default, it is configured with 2 virtual CPUs and 1GB of memory.
If you choose to use the VMX import format instead of the preferred OVF format, you will need to manually configure the VM and use the VMX file as the SCSI storage. The following configuration details may be helpful:
- System Type: Linux 64-bit (2 CPUs and 1GB RAM)
- Disk Controller: SCSI LsiLogic
- Drive: The VMX file represents a dynamically allocated 20 GB drive
- Network: PCnet-FAST III (Am79C973) card
Keep the boot console open during the startup process to monitor for any errors. The Appliance is configured to obtain its IP address via DHCP.
VMware Import
- Locate Your VM Files:
- Select the VM Source:
- Click on Finish:
Start the Setup Script
This script runs only once, during the first boot, and does not require a login password. You can perform the setup via the console or by accessing the VM with SSH. To restart the setup, use the vm_init command.
The WebADM setup script will prompt you for:
- Your time zone.
- (Optional) Configuration of the network interface.
- Selection and configuration of an LDAP server (the default LDAP server is already pre-configured).
Once the setup is complete, the script will start all necessary services:
- WebADM HTTP, SOAP, PKI, and Session Manager Services;
- Radius Bridge Service;
- LDAP Server;
- SQL Server: The SQL server is already pre-configured.
Setups
Simple setup with the Local LDAP database
The requirements for a simple setup are as follows:
- Full internet access from the virtual appliance;
- DHCP service running on your network.
If these requirements are not met, the normal setup will be automatically triggered, allowing you to configure the network interface manually.
-------------------------------------------------------------------------
Welcome to RCDevs VMWare Appliance 2.3.20!
-------------------------------------------------------------------------
Do you wish to use the (s)imple, or the (n)ormal setup? 'Simple' sets
up a self-contained demo appliance and asks less questions. 'Normal'
allows you to use e.g. a remote LDAP server, like an Active Directory DC.
Please select (s) or [n]: s
Pinging cloud.rcdevs.com for up to 10 seconds.
Setting time zone to GMT-2, Google's guess according to your public IP address.
Checking system architecture...Ok
Creating self-signed certificate... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
Stopping RCDevs LDAP Directory... Ok
Checking system architecture...Ok
Generating CA private key... Ok
Creating CA certificate... Ok
Adding CA certificate to the local trust list... Ok
Generating SSL private key... Ok
Creating SSL certificate request... Ok
Signing SSL certificate with CA... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding SELinux context... Ok
Adding logrotate scripts... Ok
Generating secret key string... Ok
WebADM has successfully been setup.
WebADM license file is missing. Please install an Enterprise, Freeware or Trial license file.
If you just upgraded, WebADM v2.0 now requires a license file even in Freeware or Trial mode.
Please point your Web browser to the URL below to get your license file.
After generation, WebADM will auto-install your new license and start.
https://cloud.rcdevs.com/freeware-license/?id=a9848f760d5174b1
Waiting for license file to be generated
At this step, access the provided license link to generate your license. Follow the instructions for the freeware license, and you will receive a confirmation email that will redirect you to the freeware license generator one last time. Select the products and features you want to include in your license.
The WebADM setup will continue as described below.
Waiting for license file to be generated.......... Ok
Checking library dependencies... Ok
Checking system architecture... Ok
Checking server configurations... Ok
Found Freeware license (FREE_0256554B011EB645)
Licensed by RCDevs Security SA to RCDevs
Licensed product(s): OpenOTP
Starting WebADM PKI service... Ok
Starting WebADM Session service... Ok
Starting WebADM Watchd service... Ok
Starting WebADM HTTP service... Ok
Checking server connections...
Connected LDAP server: LDAP Server (127.0.0.1)
Connected SQL server: SQL Server (127.0.0.1)
Connected PKI server: PKI Server (127.0.0.1)
Connected Session server: Session Server (127.0.0.1)
Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
Checking Cloud service access... Ok
Checking system architecture...Ok
Creating self-signed certificate... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
OpenOTP RADIUS Bridge has successfully been setup.
Checking the system architecture...Ok
Creating self-signed certificate... Ok
Adding the systemd service... Ok
Adding the logrotate script... Ok
OpenOTP LDAP Bridge has successfully been set up.
You can connect your server via SSH with 'ssh root@192.168.4.122'.
The password for root has just been changed to: pv8SNnBi
You can login RCDevs WebADM Admin Portal at 'https://192.168.4.122'.
WebADM login username is 'admin' (cn=admin,o=root).
WebADM login password is 'password'.
You can point your VPN appliance to 192.168.4.122, UDP port 1812 to
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.
WARNING: This appliance is configured with permissive firewall,
dummy certificates, default passwords for services and root access.
You MUST re-configure your appliance before any production use!
Press any key to finish!
You can now log in to the WebADM Administrator portal to continue configuring applications and services, and proceed with client integrations.
Normal setup with Active Directory
With the normal setup, you can choose your preferred LDAP directory backend, such as Active Directory. In this example, we will use Active Directory. Follow the instructions provided by the VM setup script; afterward, the WebADM setup script will begin.
-------------------------------------------------------------------------
Welcome to RCDevs VMWare Appliance 2.3.20!
-------------------------------------------------------------------------
Do you wish to use the (s)imple, or the (n)ormal setup? 'Simple' sets
up a self-contained demo appliance and asks less questions. 'Normal'
allows you to use e.g. a remote LDAP server, like an Active Directory DC.
Please select (s) or [n]: n
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa 7) Australia
2) Americas 8) Europe
3) Antarctica 9) Indian Ocean
4) Arctic Ocean 10) Pacific Ocean
5) Asia 11) none - I want to specify the time zone using the Posix TZ format.
6) Atlantic Ocean
#? 8
Please select a country.
1) Albania 10) Czech Republic 19) Hungary 28) Malta 37) Romania 46) Turkey
2) Andorra 11) Denmark 20) Ireland 29) Moldova 38) Russia 47) Ukraine
3) Austria 12) Estonia 21) Isle of Man 30) Monaco 39) San Marino 48) Vatican City
4) Belarus 13) Finland 22) Italy 31) Montenegro 40) Serbia 49) Åland Islands
5) Belgium 14) France 23) Jersey 32) Netherlands 41) Slovakia
6) Bosnia & Herzegovina 15) Germany 24) Latvia 33) North Macedonia 42) Slovenia
7) Britain (UK) 16) Gibraltar 25) Liechtenstein 34) Norway 43) Spain
8) Bulgaria 17) Greece 26) Lithuania 35) Poland 44) Sweden
9) Croatia 18) Guernsey 27) Luxembourg 36) Portugal 45) Switzerland
#? 27
The following information has been given:
Luxembourg
Therefore TZ='Europe/Luxembourg' will be used.
Local time is now: Wed Sep 4 14:24:39 CEST 2024.
Universal Time is now: Wed Sep 4 12:24:39 UTC 2024.
This VM is running with dynamic IP assignment (DHCP)
The current IP address is 192.168.4.122
Do you want to configure a static IP ([y]/n)? y
Please type the fixed IP address [192.168.4.122]:
192.168.4.122
Please type the network mask [255.255.255.0]:
255.255.255.0
Please type the gateway address [192.168.4.254]:
192.168.4.254
Please type your primary DNS server IP [8.8.8.8]:
8.8.8.8
Please type your secondary DNS server IP []:
Fixed IP address: 192.168.4.122
Network address: 192.168.4.0
Network mask: 255.255.255.0
Gateway IP address: 192.168.4.254
Primary DNS server: 8.8.8.8
Do you confirm ([y]/n): y
Restarting network...
Please enter the hostname [rcvm.rcdevs.local]: webadm.rcdevsdocs.com
Checking system architecture...Ok
Creating self-signed certificate... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
Stopping RCDevs LDAP Directory... Ok
Checking system architecture...Ok
RCDEVS WEBADM LICENSE AGREEMENT
RCDevs WebADM Server ("WebADM")
Copyright (c) 2010-2024 RCDevs Security SA, All rights reserved.
IMPORTANT: READ CAREFULLY: By using, copying or distributing the Software
Product you accept all the following terms and conditions of the present
WebADM License Agreement ("Agreement").
If you do not agree, do not install and use the Software Product.
WebADM includes additional software products provided by RCDevs SA under
freeware and commercial licenses. These additional software are installed
under the "/opt/webadm/webapps" and "/opt/webadm/websrvs" directories.
This Agreement is subject to all the terms and conditions of any such
additional software license.
1. DEFINITIONS. "Software Product" means RCDevs Server with which the
Agreement is provided which may include third party computer information
or software, including apache2, php, libcurl, libgmp, libxcrypt, libxml2,
libpng, libqrencode, openldap, openssl, apcu, unixodbc, geoip, expat,
hiredis, nghttp2, hiredis, libmaxmind, libcouchbase, cyrus-sasl, redis,
awesome-fonts unmodified software and libraries and related explanatory
written materials ("Documentation"). "You" means you or any recipient
that obtained a copy of the Software Product pursuant to the terms and
conditions of the Agreement.
2. LICENSE. Subject to your compliance with the terms and conditions of
the Agreement, including, in particular, the provisions in Sections 3, 5
and 6 below, RCDevs hereby grants You a non-exclusive and royalty-free
license to use and distribute the Software Product solely for
non-commercial purposes in worldwide. You may:
a. download and install the Software Product on any computer in your
possession;
b. use the Software Product and any copy solely for a non-commercial
purposes;
c. make any original copies of the Software Product; and
d. distribute any copy of the Software Product only in the form
originally furnished by RCDevs with no modifications or additions
whatsoever. If You have the slightest doubt that your copy of the
Software Product is not original, You must contact RCDevs for an
original copy.
3. OBLIGATIONS AND RESTRICTIONS ON LICENSE. The license granted in
Section 2 is subject to the following obligations and restrictions:
a. The Software Product and copies are to be used only for non-commercial
purposes. Prohibited commercial purposes include, but are not limited to:
(i) Selling, licensing or renting the Software Product to third
parties for a fee (by payment of money or otherwise, whether direct or
indirect);
(ii) Using the Software Product to provide services or products to
others for which you are compensated in any manner (by payment of
money or otherwise, whether direct or indirect), including, without
limitation,providing support or maintenance for the Software Product;
(iii) Using the Software Product to develop a similar application on
any platform for commercial distribution.
You shall use your best efforts to promptly notify RCDevs upon learning
of any violation of the above commercial restrictions.
b. RCDevs, in its sole and absolute discretion, may have included a
portion of the source code or online documentation of the Software.
Except for any such portions, YOU SHALL NOT MODIFY, REVERSE ENGINEER,
DECOMPILE, DISASSEMBLE, OR OTHERWISE ATTEMPT TO DISCOVER THE SOURCE CODE
OF THE SOFTWARE PRODUCT, except to the extent this restriction is
prohibited by applicable law. Further, You may not create derivate works
of or based on the Software Product.
c. Any copy of the Software Product that you make must conspicuously and
appropriately reproduce and contain RCDevs's copyright and other
proprietary notices that appear on or in the Software Product (see
Software Product for examples of such notices) and disclaimer of
warranty; keep intact the Agreement and all notices that refer to the
Agreement and any absence of warranty; and give any other recipients of
the Software Product a copy of the Agreement.
d. As used in this Agreement, the term "distribute" includes making the
Software Product available (either intentionally or unintentionally) to
third parties for copying or using. Each time You distribute the Software
Product or any original copy of the Software Product, You are responsible
for the recipient expressly agree to comply with the terms and conditions
of the Agreement. The recipient automatically receives the license to
use, copy or distribute the Software Product subject to these terms and
conditions. You may not impose any further restrictions on the
recipients' exercise of the rights granted herein.
e. RCDevs shall have no obligation to provide any maintenance, support,
upgrades or new releases of the Software Product.
4. INTELLECTUAL PROPERTY OWNERSHIP, RESERVATION OF RIGHTS. Title,
copyright, ownership rights, and any other intellectual property rights
in and to the Software Product, including its Documentation, and each
copy thereof are and shall remain the only and absolute property of
RCDevs. Except as expressly stated herein, the Agreement does not grant
You any intellectual property rights in the Software Product and all
rights not expressly granted are reserved by RCDevs.
5. WARRANTY DISCLAIMER.
THE SOFTWARE PRODUCT IS LICENSED FREE OF CHARGE, AND THERE IS NO WARRANTY
OF ANY KIND FOR THE SOFTWARE PRODUCT.
RCDevs PROVIDE THE SOFTWARE PRODUCT "AS IS" WITH ALL FAULTS AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
TITLE, CUSTOM, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION OR
NON-INFRINGEMENT ARE DISCLAIMED.
THE ENTIRE RISK AS TO THE RESULTS, QUALITY AND PERFORMANCE OF THE
SOFTWARE PRODUCT IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU
(AND NOT RCDevs) ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.
6. LIMITATION OF LIABILITY.
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT IN NO EVENT WILL RCDevs BE
LIABLE FOR ANY DAMAGES, CLAIMS OR COSTS WHATSOEVER INCLUDING ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL OR EXEMPLARY
DAMAGES,INCLUDING BUT NOT LIMITED TO,DAMAGES FOR LOSS OF USE, DATA, OR
OTHER INTANGIBLE LOSSES, ARISING OUT OF, OR RELATED TO THE AGREEMENT OR
TO YOUR USE OR THE INABILITY TO USE THE SOFTWARE PRODUCT OR
DOCUMENTATION, EVEN IF RCDevs HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
LOSS, DAMAGES OR CLAIMS.
7. TERMINATION. The license granted hereunder is effective until
terminated by RCDevs, in its sole discretion, after notification.
You may terminate the Agreement at any time by uninstalling and
destroying all copies of the Software Product in your possession
or control.
This license will terminate automatically if you fail to comply with the
terms and conditions of the Agreement above. Upon such termination, you
must destroy all copies of the Software Product.
The provisions of Section 5 and 6 shall survive the termination of the
Agreement.
8. APPLICABLE LAW AND GENERAL PROVISIONS. The Agreement will be governed
by and construed in accordance with the Luxembourg law and submitted to
the Luxembourg competent courts.
The URL-link of any open-source files and libraries relating to the
Software Product is located in the file docs/licenses.txt.
If you have any questions, notices or information relating to the
Agreement, please use the address and contact information included with
the Software Product or via the web at http://www.rcdevs.com/.
I agree with RCDevs WebADM terms and conditions (Yes/No): yes
Will this WebADM master server be part of a cluster? (y/[n])? n
Setup WebADM as a Standalone CA (1) or Subordinate CA (2) ([1]/2)? 1
Configuring WebADM as a Standalone CA requires defining a subject for the CA certificate.
This subject information matters as it will be visible in chain of every certificate issued by WebADM!
Do you want to define yourself this subject (1) or
let the setup script generates a default name like '/CN=WebADM CA# XXXXX' (2)?
Please select (1) or [2]: 2
WebADM proposes 4 default configuration templates:
1) Default configuration (RCDevs Directory in localhost)
2) Other generic LDAP server (Novell eDirectory, Oracle, OpenLDAP)
3) Active Directory with schema extention (preferred with AD)
4) Active Directory without schema extention
5) Active Directory schemas Mixed (Extended and Not Extended schema setup used)
Choose a template number [1]: 4
Please type the name/ip of the LDAP server: ad1.rcdevsdocs.com
Please type the port for LDAP [389]:
Checking LDAP port 389 on ad1.rcdevsdocs.com... Ok
Please choose the encryption ([TLS]/SSL/NONE)?NONE
Please type domain FQDN (i.e. dc=lab,dc=local) []: dc=rcdevsdocs,dc=com
Please type a service account with read/write access to LDAP [cn=proxy-webadm,cn=Users,dc=rcdevsdocs,dc=com]: cn=administrator,cn=users,dc=rcdevsdocs,dc=com
Please type the proxy user password for cn=administrator,cn=users,dc=rcdevsdocs,dc=com:
Testing user access...Ok
Please type an account or group DN with read/write access to LDAP (multiple accounts and groups can be
configured later in webadm.conf. Nested groups are not supported for super_admins) [cn=administrator,cn=users,dc=rcdevsdocs,dc=com]:
cn=administrator,cn=users,dc=rcdevsdocs,dc=com]
Please type the WebADM container [cn=WebADM,dc=rcdevsdocs,dc=com]:
cn=WebADM,dc=rcdevsdocs,dc=com
Enter the server fully qualified host name (FQDN) [webadm.rcdevsdocs.com]:
webadm.rcdevsdocs.com
Enter your organization name: RCDevs Documentation
Generating CA private key... Ok
Creating CA certificate... Ok
Adding CA certificate to the local trust list... Ok
Generating SSL private key... Ok
Creating SSL certificate request... Ok
Signing SSL certificate with CA... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding SELinux context... Ok
Adding logrotate scripts... Ok
Generating secret key string... Ok
WebADM has successfully been setup.
WebADM license file is missing. Please install an Enterprise, Freeware or Trial license file.
If you just upgraded, WebADM v2.0 now requires a license file even in Freeware or Trial mode.
Please point your Web browser to the URL below to get your license file.
After generation, WebADM will auto-install your new license and start.
https://cloud.rcdevs.com/freeware-license/?id=8af8a183d2464b9b
Waiting for license file to be generated.... Ok
Checking library dependencies... Ok
Checking system architecture... Ok
Checking server configurations... Ok
Found Freeware license (FREE_0256554B011EB645)
Licensed by RCDevs Security SA to RCDevs
Licensed product(s): OpenOTP
Starting WebADM PKI service... Ok
Starting WebADM Session service... Ok
Starting WebADM Watchd service... Ok
Starting WebADM HTTP service... Ok
Checking server connections...
Connected LDAP server: LDAP Server (192.168.4.163)
Connected SQL server: SQL Server 1 (::1)
Connected PKI server: PKI Server 1 (127.0.0.1)
Connected Session server: Session Server 1 (::1)
Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
Checking Cloud service access... Ok
Checking system architecture...Ok
Creating self-signed certificate... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
OpenOTP RADIUS Bridge has successfully been setup.
Checking the system architecture...Ok
Creating self-signed certificate... Ok
Adding the systemd service... Ok
Adding the logrotate script... Ok
OpenOTP LDAP Bridge has successfully been set up.
You can connect your server via SSH with 'ssh root@192.168.4.122'.
Please enter a new root password for console and ssh login:
Please enter it again:
Updating password
Please try a ssh login to 192.168.4.122 in an other session, does it work? (y/[n]): y
You can login RCDevs WebADM Admin Portal at 'https://192.168.4.122'.
WebADM login user DN is 'cn=administrator,cn=users,dc=rcdevsdocs,dc=com'.
You can point your VPN appliance to 192.168.4.122, UDP port 1812 to
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.
WARNING: This appliance is configured with permissive firewall,
dummy certificates, default passwords for services and root access.
You MUST re-configure your appliance before any production use!
Press any key to finish!
[root@rcvm ~]#
You can now log in to the WebADM Administrator portal by accessing the server's IP address or FQDN through your web browser and completing the graphical setup.
When accessing the Administrator portal, you will be informed that no domain has been configured and that you must log in for the first time with the super_admin distinguishedName. In this documentation, we use the default Active Directory administrator account, whose DN is:
cn=administrator,cn=users,dc=rcdevsdocs,dc=com
Once authenticated on the WebADM Administrator Portal, you will be prompted to finish the graphical setup.
Scroll down and click on the Create default containers and objects button:
Click Ok, then you can navigate to the Applications tab to register and configure the desired applications and services.
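Both setup transcripts above end with a warning that the appliance must be reconfigured before production use. The following shell script is an added example, not RCDevs code: it scans a saved console transcript of the setup and lists the choices that need follow-up. The function names, the finding IDs and the sample transcript (assembled from lines of the normal-setup output above) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not RCDevs code): flag setup choices in a saved vm_init
# console transcript that must be changed before production use.
# Patterns are taken from the setup output shown in this guide; the finding
# IDs and function names are made up for this example.

check() {  # check ID ERE MESSAGE FILE -> prints "ID: MESSAGE" on a match
    if grep -Eiq -- "$2" "$4"; then
        printf '%s: %s\n' "$1" "$3"
    fi
}

audit_setup_log() {  # audit_setup_log FILE -> one finding per line
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Simple setup prints the generated root password on the console.
    check ROOT-PW-SHOWN 'password for root has just been changed to: *[^ ]+' \
        'generated root password was printed on the console; set a new one' "$1"
    check ADMIN-PW-DEFAULT "WebADM login password is 'password'" \
        'WebADM admin account uses the default password' "$1"
    check RADIUS-SECRET-DEFAULT "'testing123'" \
        'RADIUS shared secret is the documented default' "$1"
    # Answering NONE at the encryption prompt means plain LDAP on port 389.
    check LDAP-CLEARTEXT 'encryption \(\[TLS]/SSL/NONE\)\? *NONE' \
        'LDAP encryption NONE: proxy user bind password crosses the network in cleartext' "$1"
    # The prompt suggests a dedicated proxy account; flag the built-in admin.
    check PROXY-IS-DOMAIN-ADMIN \
        'service account with read/write access to LDAP \[[^]]*]: *cn=administrator,' \
        'proxy user is the domain administrator; use a dedicated service account' "$1"
    check FIREWALL-AND-CERTS 'permissive firewall' \
        'firewall is permissive and certificates are setup-generated dummies' "$1"
    return 0
}

write_sample_log() {  # constructed sample built from the normal-setup output
    cat > "$1" <<'EOF'
Please choose the encryption ([TLS]/SSL/NONE)?NONE
Please type a service account with read/write access to LDAP [cn=proxy-webadm,cn=Users,dc=rcdevsdocs,dc=com]: cn=administrator,cn=users,dc=rcdevsdocs,dc=com
Please enter a new root password for console and ssh login:
WebADM login user DN is 'cn=administrator,cn=users,dc=rcdevsdocs,dc=com'.
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.
WARNING: This appliance is configured with permissive firewall,
dummy certificates, default passwords for services and root access.
EOF
}

# Demo run on the constructed sample; on a real appliance pass the path of
# a transcript you saved from the console or SSH session instead.
sample=$(mktemp)
write_sample_log "$sample"
audit_setup_log "$sample"
rm -f "$sample"
```

A transcript that contains the generated root password is itself sensitive; delete it once the findings have been handled.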
Resetting the Appliance
At any time, you can reset the VMware appliance to its original state by running the vm_init command from the shell (e.g., if you want to restart the initial setup). Note that re-running the vm_init script will remove any work data on the VM.
You can find the WebADM setup script in /opt/webadm/bin/, the Radius Bridge setup script in /opt/radiusd/bin/, and the OpenLDAP setup script for the RCDevs Directory Server in /opt/slapd/bin/.
Please refer to the INSTALL and README files located in /opt/webadm/, /opt/radiusd/, and /opt/slapd/ for additional information.
Upgrade the Appliance
To upgrade the RCDevs appliance, simply run the following command:
dnf update
This will update all RCDevs packages and other software installed on the appliance. A restart may be required to complete the upgrade.