Linux Installation in IDP mode

  • 20 July 2023
  • 4 replies
  • 205 views

Badge +2

I am currently adding the Netskope agent install to our build script for Ubuntu 22.04.

When installing via the normal method detailed here: Netskope Client For Linux - Netskope Knowledge Portal

The agent installs fine, but I am unable to get the agent to talk to our tenant. I enter our tenant name as either the name or the ns-auth version, but this doesn't work and I get the following error:

Unable to verify Organization name Please verify and try again client - ERR_ORGID_NOT_FOUND

When trying to install the agent via the NSClient.run -i | --idp line, the script fails, returning " --idp command not found".

I am not the best with Linux by any means, so I would appreciate any insight into getting this to work in IDP mode so we can have staff members using Ubuntu just log in with their SAML credentials instead of the tenant needing to be linked.

Thanks


4 replies

Badge +16

Hello @Dan_ZA,

The first error usually occurs if you have not configured or enabled SAML Forward Proxy Auth. The error indicates that it was directed to your tenant but we could not forward to your IDP. Do you have a SAML integration configured with your IDP under forward proxy?

As for the second, I'm not a Linux expert either, but I believe it's indicating that you should provide the -i OR the --idp flag, not both. So the command should be NSClient.run -i or NSClient.run --idp. You can also add the additional parameters for your tenant and domain using a similar syntax. Please let me know if this doesn't work and I'm happy to look into this further.

Badge +6

The 'pipe' or '|' character in Linux is typically used to redirect the standard output of one command into another. It is also used frequently to denote mutually exclusive flags, or aliases to a command. So when the documentation says "-i | --idp" it means to use only one of the options. For example, you would use:

sudo ./NSClient.run -i -t mytenant -d goskope.com
OR
sudo ./NSClient.run --idp -t mytenant -d goskope.com

This tells the installer to use IDP mode and the tenant will be resolved to mytenant.goskope.com

Badge +2

Sorry, to clarify: this was with using either of the flags; that was a poor copy-paste from my end.

I got this working after a fresh re-install of Ubuntu and using the -o [tenant id] and -m email address (input managed via provisioning script for the email address), so I have managed to resolve this query now, thank you.

Badge +2

Just to repeat as above, to clarify: this was with using either of the flags; that was a poor copy-paste from my end.

I got this working after a fresh re-install of Ubuntu and using the -o [tenant id] and -m email address (input managed via provisioning script for the email address), so I have managed to resolve this query now, thank you.
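
For a build script that feeds these flags from provisioning input, as in the thread above, here is an added example (not from any poster and not Netskope code): a POSIX shell helper that validates the values and emits exactly one of the -i / --idp aliases. The function names, the mode names, the validation patterns and the tenant id format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Netskope code. Flags -i/-t/-d and -o/-m are the ones
# quoted in this thread; function names and patterns are assumptions.

# Single token of letters, digits and hyphens; no leading "-" so the value
# cannot be parsed as an option. (Tenant id format is assumed.)
is_label() {
    case $1 in ''|-*|*[!A-Za-z0-9-]*) return 1 ;; esac
}

# Dotted DNS-style name: at least one dot, no empty labels.
is_domain() {
    case $1 in ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $1 in *.*) return 0 ;; esac
    return 1
}

# Exactly one "@", conservative local part, valid domain.
is_email() {
    case $1 in *@*@*) return 1 ;; *@*) ;; *) return 1 ;; esac
    case ${1%@*} in ''|-*|*[!A-Za-z0-9._+-]*) return 1 ;; esac
    is_domain "${1#*@}"
}

# Print one installer argument per line; return 1 on bad input.
#   nsclient_args idp   <tenant> <domain>   -> -i -t <tenant> -d <domain>
#   nsclient_args email <tenant-id> <email> -> -o <tenant-id> -m <email>
nsclient_args() {
    case $1 in
        idp)
            is_label "$2" && is_domain "$3" || { echo "invalid tenant or domain" >&2; return 1; }
            # Only one alias of "-i | --idp" is emitted, never the literal pipe.
            printf '%s\n' -i -t "$2" -d "$3" ;;
        email)
            is_label "$2" && is_email "$3" || { echo "invalid tenant id or email" >&2; return 1; }
            printf '%s\n' -o "$2" -m "$3" ;;
        *)
            echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# Caller (not executed here):
#   args=$(nsclient_args idp mytenant goskope.com) || exit 1
#   set -f; set -- $args; set +f   # validated values contain no whitespace
#   sudo ./NSClient.run "$@"
```

Rejecting whitespace, shell metacharacters and leading hyphens before the values reach the sudo command line keeps a malformed provisioning record from turning into extra options or commands.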
