You can only map the root account to an Active Directory account using the mapped-root-user setting in vas.conf.
To map the root user to an Active Directory account
vastool configure vas vas_auth mapped-root-user Administrator@example.com
Note: If you specify mapped-root-user on AIX you must set VASMU on the system line of the root section in /etc/security/user. Refer to your AIX system documentation for more information.
Self-enrollment allows users to map their Unix account to an Active Directory account as they log in to Unix. This mapping occurs as part of the standard PAM login. Users are first prompted for their Unix password. Once authenticated to Unix, they are prompted to authenticate to Active Directory. This process happens on the first login after you enable self-enrollment. Once self-enrollment is complete, the user logs in with their Unix user name and Active Directory password.
To enable self-enrollment
vastool configure vas vas_auth enable-self-enrollment true
Note: All users mapped by the self-enrollment process are stored in the /etc/opt/quest/vas/automatic_mappings file.
/etc/init.d/vasd restart
/sbin/init.d/vasd restart
stopsrc -s vasd
startsrc -s vasd
Note: Due to library changes between Safeguard Authentication Services 4.1 and 4.2, the system may need to be rebooted before all processes load the new libraries.
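To check on a host whether root is mapped to an Active Directory account and whether self-enrollment is enabled, the following added example (not part of the One Identity documentation) reads both settings back from a vas.conf file. It assumes vas.conf uses "[vas_auth]" section headers with "option = value" lines; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Print the value of option $2 in the [vas_auth] section of vas.conf file $1.
# Assumes "[section]" headers and "option = value" lines; last occurrence wins.
vas_auth_setting() {
    awk -v key="$2" '
        /^[ \t]*#/  { next }    # skip comment lines
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[vas_auth\]/); next }
        in_sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Report both identity-mapping settings for conf file $1 and, when
# self-enrollment is on, count the non-blank lines in mappings file $2.
audit_vas_conf() {
    root_map=$(vas_auth_setting "$1" mapped-root-user)
    enroll=$(vas_auth_setting "$1" enable-self-enrollment)
    if [ -n "$root_map" ]; then
        echo "REVIEW root mapped to AD account: $root_map"
    else
        echo "OK root not mapped"
    fi
    case "$enroll" in
        [Tt][Rr][Uu][Ee])
            n=0
            if [ -r "$2" ]; then n=$(awk 'NF { c++ } END { print c + 0 }' "$2"); fi
            echo "REVIEW self-enrollment enabled, $n mapping line(s) in $2" ;;
        *)  echo "OK self-enrollment not enabled" ;;
    esac
}

# Constructed sample files (layout assumed) so the check runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/vas.conf" <<'EOF'
[vas_auth]
 # written by vastool configure
 mapped-root-user = Administrator@example.com
 enable-self-enrollment = true
[vasd]
 mapped-root-user = ignored@example.com
EOF
printf 'jdoe:jdoe@example.com\n\nasmith:asmith@example.com\n' > "$demo/automatic_mappings"
audit_vas_conf "$demo/vas.conf" "$demo/automatic_mappings"
```

On a real host, pass the installed vas.conf and /etc/opt/quest/vas/automatic_mappings as the two arguments.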
When user identity information is not stored centrally within Active Directory, it is possible for Active Directory users to have Posix identity attributes automatically generated for them when interacting with Unix hosts, allowing the user to authenticate with an Active Directory password.
This is convenient in situations where you cannot utilize enterprise user and group identification from Active Directory. For example, when you do not have sufficient rights to modify User identity objects, or are unable to create the Safeguard Authentication Services Application Configuration object, you can configure Safeguard Authentication Services to auto-generate Posix identity attributes on the Unix host for Active Directory users.
The following attributes are auto-generated:
The generated attributes are stored locally on each Unix host and remain in effect until manually removed by the system administrator.
© 2024 One Identity LLC. ALL RIGHTS RESERVED.