
Safeguard Authentication Services 6.0.1 - Administration Guide


Display specifier registration tables

Display specifiers are stored in the Active Directory configuration partition under the DisplaySpecifiers container. The DisplaySpecifiers container has child containers, each named for the corresponding locale ID. US English display specifiers are in cn=409,cn=DisplaySpecifiers,cn=Configuration,dc=domain. The display specifier registration script, DsReg.vbs, makes the following modifications for each locale.

Table 22: Object: User-Display

| Attribute | Change type | Value | Description |
|---|---|---|---|
| adminPropertyPages | modify, insert | 10,{E399C9A2-E7ED-4DDF-9C5A-BA4EACC34316} | Registers the UNIX Account property page extension with User objects. |
| adminPropertyPages | modify, insert | 11,{53108A01-9B68-4DFB-A16D-4945D26A38A9} | Registers the UNIX Personality property page extension with User objects. |
| attributeDisplayNames | modify, insert | uidNumber, UID Number | Provides a more user-friendly name for the UNIX user ID number attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | uid, Login Name | Provides a more user-friendly name for the UNIX login name attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | gidNumber, GID Number | Provides a more user-friendly name for the UNIX group ID number attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | canonicalName, Path | Provides a more user-friendly name for the UNIX canonical name attribute. Allows this attribute to display in the UNIX Object find dialog results. |

Table 23: Object: Group-Display

| Attribute | Change type | Value | Description |
|---|---|---|---|
| adminPropertyPages | modify, insert | 10,{E399C9A2-E7ED-4DDF-9C5A-BA4EACC34316} | Registers the UNIX Account property page extension with User objects. |
| attributeDisplayNames | modify, insert | gidNumber, GID Number | Provides a more user-friendly name for the UNIX group ID number attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | canonicalName, Path | Provides a more user-friendly name for the UNIX canonical name attribute. Allows this attribute to display in the UNIX Object find dialog results. |

Table 24: Object: vintela-UnixUserPersonality-Display

| Attribute | Change type | Value | Description |
|---|---|---|---|
| cn | create object | vintela-UnixUserPersonality-Display | The display specifier object is created. |
| adminPropertyPages | modify, insert | 10,{E399C9A2-E7ED-4DDF-9C5A-BA4EACC34316} | This registers the UNIX User Personality property page extension with user personality objects. |
| classDisplayName | modify, set | UNIX User Personality | Sets the friendly name of the object class. This is the text displayed in the New Object menu and elsewhere in ADUC. |
| creationWizard | modify, set | {57AC8F6B-5EA8-4DC9-AB9A-C0ED6420C7F9} | This registers the "New UNIX User Personality" object creation wizard. This creation wizard registration mechanism works in ADUC, but is not yet supported in Active Roles. To create personality objects in Active Roles, use the Advanced Create Wizard and select the UNIX User Personality object class. |
| iconPath | modify, insert | 0,vas_dua_user.ico | This is the default personality icon. This icon is installed by Safeguard Authentication Services in the %SYSTEMROOT%\system32 folder so that it is available to all applications that might need it. |
| iconPath | modify, insert | 1,vas_dua_user_disabled.ico | This icon is not currently used. |
| iconPath | modify, insert | 2,vas_dua_user_orphaned.ico | This icon is not currently used. |
| attributeDisplayNames | modify, insert | uidNumber, UID Number | Provides a more user-friendly name for the UNIX user ID number attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | gidNumber, GID Number | Provides a more user-friendly name for the UNIX group ID number attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | uid, UNIX Login Name | Provides a more user-friendly name for the UNIX login name attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | description, Description | Provides a more user-friendly name for the description attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | canonicalName, Path | Provides a more user-friendly name for the UNIX canonical name attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | managedBy, Linked To | Provides a more descriptive name for the managed by attribute to indicate how this attribute is used on personality objects. Allows this attribute to display in the UNIX Object find dialog results. |

Table 25: Object: vintela-UnixGroupPersonality-Display

| Attribute | Change type | Value | Description |
|---|---|---|---|
| cn | create object | vintela-UnixGroupPersonality-Display | The display specifier object is created. |
| adminPropertyPages | modify, insert | 10,{E399C9A2-E7ED-4DDF-9C5A-BA4EACC34316} | This registers the UNIX User Personality property page extension with user personality objects. |
| classDisplayName | modify, set | UNIX Group Personality | Sets the friendly name of the object class. This is the text displayed in the New Object menu and elsewhere in ADUC. |
| creationWizard | modify, set | {A7C4A545-C7C8-49C8-8C96-8C665E166D0C} | This registers the "New UNIX User Personality" object creation wizard. This creation wizard registration mechanism works in ADUC, but is not yet supported in ARS. To create personality objects in ARS, use the Advanced Create Wizard and select the UNIX User Personality object class. |
| iconPath | modify, insert | 0,vas_unix_group.ico | This is the default personality icon. This icon is installed by Safeguard Authentication Services in the %SYSTEMROOT%\system32 folder so that it is available to all applications that might need it. |
| attributeDisplayNames | modify, insert | gidNumber, GID Number | Provides a more user-friendly name for the UNIX group ID number attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | cn, Name | Provides a more user-friendly name for the UNIX login name attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | description, Description | Provides a more user-friendly name for the description attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | canonicalName, Path | Provides a more user-friendly name for the UNIX canonical name attribute. Allows this attribute to display in the UNIX Object find dialog results. |
| attributeDisplayNames | modify, insert | managedBy, Linked To | Provides a more descriptive name for the managed by attribute to indicate how this attribute is used on personality objects. |
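
A post-registration check for the values in the tables above, as an added example (not One Identity code and not part of DsReg.vbs): it parses an LDIF export of a locale container and reports documented rows that are missing or registered with a different value. The sample LDIF, the DC=example,DC=com naming and the function names are constructed for illustration, and only a subset of rows from Tables 22 and 24 is included.

```python
import re

# (object cn, attribute, value) rows copied from Tables 22 and 24 on this page.
EXPECTED = [
    ("User-Display", "adminPropertyPages", "10,{E399C9A2-E7ED-4DDF-9C5A-BA4EACC34316}"),
    ("User-Display", "adminPropertyPages", "11,{53108A01-9B68-4DFB-A16D-4945D26A38A9}"),
    ("User-Display", "attributeDisplayNames", "uid,Login Name"),
    ("vintela-UnixUserPersonality-Display", "creationWizard",
     "{57AC8F6B-5EA8-4DC9-AB9A-C0ED6420C7F9}"),
]

# Constructed sample export (assumption for illustration, not real directory data).
SAMPLE_LDIF = """\
dn: CN=User-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=example,DC=com
cn: User-Display
adminPropertyPages: 10,{E399C9A2-E7ED-4DDF-
 9C5A-BA4EACC34316}
attributeDisplayNames: uid,Logon
"""

def parse_ldif(text):
    """Return {cn: {attr: [values]}}, unfolding LDIF continuation lines."""
    text = re.sub(r"\r?\n ", "", text)  # a leading space continues the prior line
    objects = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in record.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "cn" in attrs:
            objects[attrs["cn"][0].lower()] = attrs
    return objects

def split_kv(value):
    """'10,{GUID}' -> ('10', '{guid}'); a value without a comma gets key ''."""
    key, sep, val = value.partition(",")
    return (key.strip().lower(), val.strip().lower()) if sep else ("", key.strip().lower())

def audit(ldif_text, expected=EXPECTED):
    """Return (cn, attribute, value, status) for each row not registered as documented."""
    objects, findings = parse_ldif(ldif_text), []
    for cn, attr, value in expected:
        pairs = {split_kv(v) for v in objects.get(cn.lower(), {}).get(attr.lower(), [])}
        key, val = split_kv(value)
        if (key, val) not in pairs:
            # Same index or attribute name with another value is a mismatch.
            status = "mismatch" if key in {k for k, _ in pairs} else "missing"
            findings.append((cn, attr, value, status))
    return findings
```

On the constructed sample, `audit(SAMPLE_LDIF)` reports property page 11 and the personality creation wizard as missing and the `uid` display name as a mismatch.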

Troubleshooting

To help you troubleshoot, One Identity recommends the following resolutions to some of the common problems you might encounter as you deploy and use Safeguard Authentication Services.

Getting help from technical support

If you are unable to determine the solution to a problem, contact Technical Support for help.

Before you contact Support, please collect the following information:

  1. Take a system information snapshot. To do this, run the following command as root:

    /opt/quest/libexec/vas/scripts/vas_snapshot.sh

    This produces an output file in /tmp.

  2. Make note of the UNIX attributes for the user that cannot log in (if applicable). To do this, capture the output from the following commands:

    vastool -u host/ attrs <username>
    id <username>

    NOTE: Depending on your platform, you may need to run id -a instead of id.

  3. Copy the text from any error messages that you see.

  4. Save the results of running a "double su." To do this, log in as root, run su <username>, and note any error messages. Then run su <username> again and note any error messages.

Once you have collected the information listed above, contact Support at https://support.oneidentity.com/authentication-services/.

Disaster recovery

Since Safeguard Authentication Services relies on Active Directory, follow Microsoft’s best practices for keeping the database highly available. The administration tools are not critical to the operation of Safeguard Authentication Services and can quickly be reinstalled from scratch if needed.
