Getting Started with PAM360 Application

Upon completing the PAM360 setup, you can begin using the application. Before configuring the necessary settings and working with the PAM360 console, it is important to familiarize yourself with a set of initial start-ups that will facilitate continuing with further PAM360 operations. This guide provides comprehensive steps on starting, shutting down, and launching the PAM360 application in both Windows and Linux environments. It also covers accessing PAM360 via the web client, configuring service accounts using gMSA (group Managed Service Account), and troubleshooting tips.

At the end of this document, you will have learned about the following operations:

Starting and Shutting Down PAM360 Application
Launching the PAM360 Web Client
Running the PAM360 Service using a Group Managed Service Account (gMSA)

1. Starting and Shutting Down PAM360 Application

1.1 In Windows

PAM360 can be started, stopped, or restarted via the Windows services console. Additionally, the tray icon on the taskbar provides quick access to start or stop the service and launch the web console.

Using the Start Menu	Using the Tray Icon
Navigate to Start >> Run [OR] press Win+r. The Run box appears. Type services.msc and hit Enter. Locate the PAM360 service in the Services console. You can start, stop or restart the service from the services console.	Once you have successfully installed PAM360 in your system, you will find the PAM360 icon in the windows tray area on the far right end of your task bar. Right click the tray icon and click the desired operation: Start the PAM360 Service Stop the PAM360 Service Launch the PAM360 web console

1.2 In Linux

PAM360 can be run as a background service by executing specific commands in a non-root user environment. The service can be started or stopped using terminal commands.

Procedure applies to builds 7200 and above

To start the PAM360 as a service in Linux, log in as non-root user and execute the following command. Upon execution, PAM360 server runs in the background as service.

systemctl start pam360.service

To check the status of the service, execute the following command:

systemctl status pam360.service

To stop PAM360 server started as a service, in Linux, execute the following command as non-root user.

systemctl stop pam360.service

Procedure applies to builds 7100 and below

To start the PAM360 as a service in Linux, log in as non-root user and execute the following command. Upon execution, PAM360 server runs in the background as service.

/etc/rc.d/init.d/pam360-service start

To stop PAM360 server started as a service, in Linux, execute the following command as non-root user.

/etc/rc.d/init.d/pam360-service stop

Changing the PAM360 Service to systemd Software Suite

By default, from build 7200, the PAM360 service will get installed in systemd software suite for utilizing the parallel processing of services and other service capabilities. However, for existing users prior to build 7200, the service will remain the same in the initd process control system unless they choose to change it. If you are an existing user and want to change the service to systemd software suite, follow the procedure mentioned below.

Log in as a root user, launch the console and navigate to the <PAM360-Installation-Directory>/bin folder.
Execute the script to remove the service from the existing service location (In Ubuntu, execute as bash pam360.sh remove).
```
sh pam360.sh remove
```
Execute the following command to reinstall the service (In Ubuntu, execute as bash pam360.sh install).
```
sh pam360.sh install
```
Now, execute the following command to start PAM360 as a service.
```
systemctl start pam360.service
```
To check the status of the PAM360 service, execute the following command.
```
systemctl status pam360.service
```

2. Launching the PAM360 Application in Web Client

For a newly configured setup, the default Username | Password is admin | admin.
Every time you start the server, PAM360 will be automatically launched in the browser.

There are different ways of connecting to the PAM360 web client:

2.1 Automatic Browser Launch

Once the server has started after the successful installation of PAM360, the PAM360 Login screen shows up in a browser window. As PAM360 uses secured HTTPS connection, you will be prompted to accept the Security Certificate. Hit Yes, type the Username and Password in the login screen and press Enter.

2.2 Launching the Web Client Manually

In Windows

Right-click the PAM360 tray icon and click PAM360 Web Console to launch the web client manually. The PAM360 Login screen shows up in a browser window. As PAM360 uses the secured HTTPS connection, you will be prompted to accept the Security Certificate. Hit Yes, type the Username and Password in the login screen and press Enter.

In Linux

Open a browser and connect to the URL - https://<hostname>:portnumber/

where, <hostname> is the host where the PAM360 server is running,<portnumber> is the default port 8282. For example, https://chnpam-165:8282

2.3 Connecting the Web Client in Remote Hosts

If you want to connect to the PAM360 web client in a remote machine (different from the one where PAM360 is running), open a browser and connect to the below URL - https://<hostname>:port

As PAM360 uses the secured HTTPS connection, you will be prompted to accept the Security Certificate. Hit Yes, type the Username and Password in the login screen and press Enter.

Additional Details

The administrator can modify the initial authentication mechanism to AD/LDAP/Microsoft Entra ID as needed, followed by two-factor authentication (2FA).

For a more streamlined and passwordless authentication process, utilize the Smart Login method by scanning the QR code with the PAM360 mobile application. Administrators can enable Smart Login or set it as the preferred initial login method by navigating to Admin >> Customization >> General Settings >> User Management.

3. Running the PAM360 Service using a gMSAccount

PAM360 supports managing services using a group Managed Service Account (gMSA), which enhances security and management of services. To learn about gMSA in detail, refer to Microsoft's documentation.

To create a group Managed Service Account,

Open Powershell ISE as administrator and execute the following commands:

Import-Module ActiveDirectory

Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))

New-ADServiceAccount -Name <MSA_AccountName> -DNSHostName <DNSNAme> -PrincipalsAllowedToRetrieveManagedPassword <Machine_Name>$

Add-ADComputerServiceAccount -Identity <Machine_Name> -ServiceAccount <MSA_AccountName>

Install -ADServiceAccount -Identity <MSA_AccountName>

Provide a full control permission to the PAM360 installation folder.
To configure the LogOn Services, do the following steps:
1. Navigate to Services >> Properties >> LogOn.
2. Browse for the MSA Account.
3. Now, clear the Password field and click Apply.
4. Click Ok.Now you have successfully configured the LogOn Services.

You have now successfully created a group Managed Service Account (gMSA) account. Now, you can run your PAM360 service using the gMSA account.

3.1 Troubleshooting Tip

If you are unable to install the service account, execute the below command before executing install statement:

Set-ADServiceAccount -Identity <MSA_AccountName> -KerberosEncryptionType AES128,AES256

Top