Chat now with support
Chat mit Support

One Identity Management Console for Unix 2.5.3 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Management Console for Unix Log On page

Whenever you launch the mangement console, you must enter an authorized account to proceed. The Management Console for Unix features that are available depend on the account with which you log in.

To use the core version of the mangement console to manage local Unix users and groups and to access system settings, you must use the supervisor account (that is, you must log on with the supervisor user name). However, to use the Active Directory features of Management Console for Unix, you must log on with an Active Directory account that has been granted access to the mangement console. That is, defined during the post-installation configuration. See Set up console access by role for details. To add additional accounts to this access list, see Adding (or Removing) role members.

To log on to the mangement console

  1. Enter the user name and password and click Sign In.

    Enter:

    • the supervisor account name
    • a sAMAccountName, which uses the default domain
    • a User Principal Name in the form, username@domain

    The mangement console opens and displays the user name you specified in the upper right-hand corner of the screen.

  2. To log on using a different account, click the authenticated user's login name and click Sign Out. Then sign back on using a different account.

    The Log-on page redisplays, allowing you to enter a different account.

Getting Started Tab

The first time you start Management Console for Unix, it opens the Getting Started tab which describes the new features in mangement console and provides you with a self-directed introduction to the basics of managing your hosts within the mangement console.

Note: If the Getting Started tab does not open, you can access it from the Help drop-down menu located in the upper-right corner of the console.

It's simple. Just follow the tasks on the left, in order. As you complete each task your progress is tracked. The right panel explains the procedures that you would do on the mangement console. Click Next to go to the next step within a task. Click the help icon in the upper right-hand corner of the mangement console to access context-sensitive help. For more information, open the help drop-down menu to access the user documentation.

Note: It's important to understand that this is not just a "test drive". You will be adding and configuring a remote host in your environment and adding real data to the database. The only way to restart the Getting Started session to repeat the procedures is to stop the service, delete the database, and restart Management Console for Unix.

There are three main tasks: General, Authentication Services, and Privilege Manager.

The General task introduces you to the new features of the mangement console since the last release, shows you an overview of the basic console functions, and then directs you to perform these tasks:

  1. Add a Host.
  2. Profile a Host.
  3. Configure Active Directory for Authentication Services; that is, prepare Active Directory to store the configuration settings that it uses.

The Authentication Services task introduces you to Authentication Services, and then directs you to perform these tasks:

  1. Verify the path to the Authentication Services software on your server.
  2. Install the Authentication Services software on the host you set up in the General task.

The Privilege Manager task introduces you to Privilege Manager for Unix, and then directs you to perform these tasks:

  1. Verify the path to the Privilege Manager software on your server.
  2. Install the Privilege Manager Policy Server software on the host you set up in the General task.
  3. Configure the host as a primary policy server.
  4. Join a PM Agent or Sudo Plugin host to the policy group,

We hope this experience gives you a quick start to using Management Console for Unix.

Upgrade Quest Identity Manager for Unix

The process for upgrading Identity Manager for Unix to Management Console for Unix is similar to installing it for the first time. The installer detects an older version of the console and automatically upgrades the components.

Note: The procedures in this topic assume you have Quest Identity Manager for Unix 1.0.1 or greater installed. If you are upgrading a previous version of Identity Manager for Unix, you must uninstall the web console and do a fresh install of Management Console for Unix; you can not upgrade 1.0.0.

Before you begin the upgrade procedure,

  • Delete your browser's cached Temporary Internet Files and Cookies.
  • Close the console and make a backup of your database, as explained in step 1.

To upgrade Identity Manager for Unix to Management Console for Unix

  1. Backup the 1.0.x database files:
    1. Shutdown the service. See Start/stop/restart Management Console for Unix service for details.

      Note: The mcu_service was called the imu_service in the Identity Manager for Unix 1.0.x console.

      Management Console for Unix uses a HSQLDB (Hyper Structured Query Language Database) to store its data such as information about the hosts, settings, users, groups, and so forth.

    2. Copy the /var/opt/quest/imu data directory to a backup location.

      Note: Refer to Database maintenance for more information about the database locations and filenames.

    3. After backup is complete restart the service. See Start/stop/restart Management Console for Unix service for details.

      Once you backup the database files, you are ready to start the upgrade.

  2. To start the upgrade, follow the instructions for a first-time installation. See the Installing and Uninstalling topic for your platform under Installing the Management Console to start the installation procedure.

    When the installer detects a previous version of the mangement console is already installed, it asks if you want to continue.

  3. Click Yes at the Install Management Console for Unix dialog.

    The Install Management Console for Unix dialog displays.

  4. Accept the terms of the license agreement and click Next.
  5. Modify the installation directory path, if necessary, and click Next.
  6. Modify the default SSL (https) and Non-SSL (http) port numbers, if necessary, and click Install.

    The installation wizard installs Management Console for Unix 2.x and upgrades the database.

  7. When the installer asks if you want to uninstall the previous version of the console, you can opt to leave the older version installed and continue the 2.x installation.

    Once you are satisfied with the upgrade, you can uninstall the previous version at a later time. See the Installing and Uninstalling topic for your platform under Installing the Management Console for details about the uninstall procedure.

    Note: While you can have both the older and the newer versions of the mangement console installed, you can not run both at the same time.

  8. On the Complete dialog, select the Launch the Management Console option and click Finish.
  9. Log into the mangement console as supervisor to complete the post-upgrade configuration.

    You can not login as an Active Directory user until you log in as supervisor and reassign your Active Directory accounts to specific roles.

  10. On the Complete Upgrade dialog, enter your Active Directory credentials and click Continue to perform the post-upgrade configuration.

    After upgrading from 1.0.x, Active Directory accounts are assigned to the Manage Host role. To assign Active Directory users to other roles, log in to the console as supervisor and go to Settings | System Settings | Console Roles and Permissions. See Adding (or Removing) role members for details.

  11. On the Summary dialog, click Logout to log back in using an Active Directory account or click Close to open the mangement console with the supervisor account.

Note: After an upgrade from version 1.0.x to 2.x, please note the following:

  • Passwords cached by the supervisor account or AD users with console access were not migrated during the upgrade process due to changes in encryption. Users will have to re-enter their passwords for hosts they manage the next time they perform tasks on the hosts, and choose to cache their credentials again on the server.
  • It is important to re-profile all hosts after an upgrade of any version of Management Console for Unix.
  • Existing Active Directory users and groups granted access to the mangement console are added to the Manage Hosts role, giving them access to the features they had before the upgrade.
  • Because the encryption mechanism was changed, cached host credentials (that is, passwords cached by the supervisor account or Active Directory users with console access) are not migrated when you upgrade from 1.0.x to 2.x. Users will have to re-enter their passwords for hosts they manage the next time they perform tasks on the hosts and choose to cache them again on the server.
  • The host address in the Console host address box on the Console Information settings may have been entered as a simple address in version 1.0.x. To perform some tasks in without error, such as auto-profiling, the Console host address must be a Fully Qualified Domain Name.

Reset custom configuration settings

When upgrading from version 1.0.x to 2.x or higher, there are some steps you must take to reset any custom configuration settings you had in the previous version.

The upgrade procedure makes a .bak copy of your configuration file (jvmargs.cfg.bak) at the root of your installation directory. After you upgrade the mangement console from version 1.0.x, to reset any custom configuration settings you may have made in the previous version, compare the jvmargs.cfg.bak file with the new jvmargs.cfg file to see if you had any custom settings. For example, if you had increased the JVM Memory size in the previous version, you must add the JVM Memory setting argument to the custom.cfg file. See Setting custom configuration settings for more information about customizing configuration settings for the mangement console.

Note: Do not change the jvmargs.cfg directly; the settings in the custom.cfg file always take precedence over the default settings in jvmargs.cfg. And, next time you upgrade Management Console for Unix, changes in the jvmargs.cfg file will be overwritten.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen