SMU provides two user interfaces: a browser user interface (BUI) and a command-line interface (CLI). The command-line interface can be accessed using SSH or WinRS clients. The browser user interface can be accessed using any standard web browser.
Command-Line Interface
The SMU command-line interface can be accessed using standard remote shell commands: the ssh command on UNIX hosts, and the winrs.exe command on Windows hosts.
Accessing the Command-Line Interface Using SSH
Secure Shell is the standard for remote shell access on UNIX hosts. SMU embeds an SSHDv2 server to allow easy access to the SMU CLI from UNIX environments.
To access the command-line interface using SSH, type the following command:
$ ssh -l <username> -p <port> -o “HostKeyAlias <alias>” <hostname>
You can specify a local or LDAP user that exists in the SMU database. For port, use the port number that is specified in the smu.conf file. The HostKeyAlias option is used to create and/or reference a separate record in the SSH $HOME/.ssh/known_hosts file. By default the ssh command uses the hostname as the alias. By specifying a separate alias, you are able to have two separate records in the client file: one for the host and one for the SMU server.
Accessing the Command-Line Interface Using WinRS
Windows Remote Shell (WinRS) is a standard command for accessing other Windows systems remotely. For more information on Windows Remote Shell, please consult the Microsoft Windows documentation at: http://technet.microsoft.com. SMU embeds a WinRS server for easy access to the SMU CLI from Windows environments.
To access the command-line interface using encrypted WinRS, type the following command: C:\>winrs -r:<hostname>:<port> -u:<username> -ssl smu
Only local SMU users are supported using this access method. The port should be the port number that is specified in the smu.conf file for WinRS. The command argument must be smu. This indicates that the SMU command shell should be executed.
Authenticating with WinRS
The SMU WinRS server only supports Basic authentication. You must configure the following winrm/config/client properties to access the SMU server:
c:\>winrm set winrm/config/client @{AllowUnencrypted=”true”} c:\>winrm set winrm/config/client/auth @{Basic=”true”}
c:\>winrm set winrm/config/client @{TrustedHosts=”<hostname>”}
You must also ensure that the LAN Manager authentication level will support the Microsoft security protocols LAN Manager and NT LAN Manager (designated as LM & NTLM), and use NTLMv2 session security if negotiated.
1. Open the Local Security Policy.
2. From a command prompt, enter secpol.msc. 3. Double-click Local Policies.
4. Double-click Security Options.
5. Double-click Network security: LAN Manager authentication level.
6. Select Send LM & NTLM – Use NTLMv2 session security if negotiated from the pull-down menu. 7. Click OK.
Note that you will have to add the SMU service self-signed certificate to the trusted certificate store on your Windows host before connecting. To obtain the SMU service self-signed certificate, perform the following steps. Instructions for both SSH and web browser sessions are shown.
Using SSH: 1. Log in to SMU.
2. Enter certs get all.
3. Copy the encoded certificate (encoded text starts with "----BEGIN CERTIFICATE---" and ends with "--- END CERTIFICATE---") and paste it into a file.
4. Save the file, using the suggested file extension .cer, which is the standard file extension for X.509 certificates.
5. Right-click on the certificate file from Internet Explorer and select "Install Certificate".
6. Make sure the certificate is installed into the "Trusted Root Certificate Authorities" certificate store. Using your web browser:
1. Point your browser to URL https://<SMU Host>:8443.
2. You should be presented with the "Untrusted Connection" page, where you will select the following: • Click the Add Exception... button.
• Click the View button. • Click the Details tab. • Click the Export button.
3. Save the certificate to a file. The file extension .cer is automatically used. 4. Right-click on the certificate file from Explorer and select "Install Certificate".
5. Make sure the certificate is installed into the "Trusted Root Certificate Authorities" certificate store.
Accessing and Authenticating Using the Browser User Interface
The SMU browser user interface is accessed using a standard web browser. For detailed listings of supported browsers and recommended settings information, see: http://jdevadf.oracle.com/adf-richclient-
The following table lists standard supported web browsers.
TABLE 8. SUPPORTED WEB BROWSERS
WEB BROWSER SUPPORTED VERSION
Firefox 2.x through 13+
Internet Explorer 7, 8, 9
Safari 3.1.2, 4, 5
To access the encrypted SMU web application, use the following URL: https://<hostname>:<port>/smu
The hostname is the hostname or IP address of the host upon which SMU is running. The port number is the HTTPS port (encrypted application) specified in the smu.conf file. The default port is 8443.
The SMU web server uses a self-signed certificate. You must accept the certificate the first time you access the SMU web server using HTTPS.
Once you are connected to the SMU BUI, you will be presented with the SMU login page. To log in to the SMU BUI, enter your SMU user and password. For initial access to the SMU BUI, you can use the user name admin, then the default password changeit. Once you log in to the SMU BUI, you should be able to change the password on the User tab of the Administrations panel.