Chat now with support
Chat mit Support

Safeguard Authentication Services 6.0.1 - Administration Guide

Privileged Access Suite for UNIX Introducing One Identity Safeguard Authentication Services UNIX administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing UNIX hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts UNIX policies One Identity policies
Display specifiers Troubleshooting Glossary

Unable to log in

If you are unable to log in as an Active Directory user after installing, check the following:

  1. Log in as root on the UNIX host.

  2. Check the status of the Safeguard Authentication Services subsystems. To do this, run the following command:

    vastool status

    Correct any errors reported by the status command, then try logging in again.

  3. Ensure the user exists locally and is allowed to log in. To check this, run the following command:

    vastool user checklogin <username>

    The output displays whether the user is a known Active Directory user. If not, you may need to map the user to an Active Directory account or UNIX-enable the Active Directory account. If the user is known, an access control rule may prevent them from logging in. The output of the command displays which access control rules are in effect for the user.

You may need to restart window managers such as gdm in order for the window manager to reload NSS modules. Until the window manager reloads the NSS configuration, you will be unable to log in with an Active Directory user. Other services such as cron may also be affected by NSS changes. If you are unsure which services need to be reloaded, reboot the system.

NOTE:

If you are configuring Safeguard Authentication Services on VMware ESX Server vSphere (ESX 4.0) the reason you can not log in may be related to access control issues. For more information, see For more information, see Configuring access control on ESX 4..

UNIX Account tab is missing in ADUC

If the UNIX Account tab does not appear when viewing the properties of a user or group in Active Directory Users and Computers, the most likely cause is that the extension module (AducExtensions.dll) was unable to load due to an invalid or corrupt installation. To resolve this issue, check the following:

  • Ensure that Safeguard Authentication Services has been installed on the local computer.

  • Ensure that you are logged in as a domain user or that ADUC is running as a domain user.

  • The Safeguard Authentication Services installation might have become corrupted. Remove and re-install Safeguard Authentication Services.

  • Certain software is required for the UNIX Account tab to load. If any of the following software has been removed, re-install it:

    • Windows PowerShell

    • VisualStudio C++ Runtime

    • .NET Framework v4.7.2

  • If you work with One Identity Active Roles Console, ensure that display specifiers are installed and that you restarted the Active Roles Service. Otherwise, the UNIX Account tab will not appear in the Active Roles Console.

  • If the UNIX Account tab still does not appear, open Control Center and in Preferences, enable debug logging. Attempt to load the UNIX Account tab, then send the generated log files to One Identity support.

vasypd has unsatisfied dependencies

If you receive the following error message while installing the Safeguard Authentication Services vasypd UNIX component, the rpcbind service may not be enabled.

svcadm: Instance "svc:/quest/vas/vasypd:default" has unsatisfied dependencies.
Error 4 starting vasypd

To enable the rpcbind service

  1. Check the dependencies of vasypd:

    # svcs -d quest/vas/vasypd
    STATE          STIME    FMRI
    disabled       Sep_14   svc:/network/rpc/bind:default
    online         Sep_14   svc:/milestone/single-user:default
    online         Sep_14   svc:/system/filesystem/local:default
  2. If rpcbind is disabled, run this command to enable it:

    # /usr/sbin/svcadm enable -s /network/rpc/bind
  3. Run the following command to start vasypd:

    # /etc/init.d/vasypd start

If yp-tools dependency is not available from rpm package manager, perform the following steps.

yp-tools dependency is not available from rpm package manager

  1. Enable Extra Packages for Enterprise Linux (EPEL).

  2. Install Development Tools on RHEL, CentOS, Fedora, Scientific or Red Hat Enterprise Linux.

  3. Install nsl library, ti-rpc and rpcbind yum install libnsl2-devel libtirpc-devel rpcbind.

  4. Get the yp-tools source codes from Github.com/thkukuk

    https://github.com/thkukuk

    https://www.thkukuk.de/nis/nis/

    The required repositories are:

    • yp-tools

    • ypbind-mt

    The repositories contain an INSTALL helper guide.

  5. Create a systemd service file for ybind-mt.

Glossary

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen