Safeguard Authentication Services 5.0.2

The management console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following tables list the reports that are available in Management Console for Unix.

Note: Report availability depends on several factors:

User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. See Active Directory Configuration in the online help for details.
Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. See Console Roles and Permissions System Settings in the online help for details. For example, you must have an activated policy server to activate the sudo-related reports.

Host reports

Getting started with Safeguard Authentication Services > Learning the basics > Running reports > Host reports

The following reports provide Unix host information that is gathered during the profiling process.

Table 27: Host reports
Report	Description
Safeguard Authentication Services Readiness	Provides a snapshot of the readiness of each host to join Active Directory. This report is best used for planning and monitoring migration projects. The basic report includes the following information: Total number of hosts Total number, percentage, and names of the hosts ready to join Total number, percentage, and names of the hosts ready to join with advisories Total number, percentage, and names of the hosts not ready to join Total number of hosts not checked for AD readiness Use the following report parameters to define details to include in the report. Joined to AD Ready to Join AD Ready to Join AD with Warnings Not Ready to Join AD Not Checked for Readiness NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Privilege Manager Readiness	Provides a snapshot of the readiness of each host to join a policy group. The basic report includes the following information: Total number of hosts Total number, percentage, and names of the hosts ready to join Total number, percentage, and names of the hosts not ready to join Total number of hosts not checked for readiness Use the following report parameters to define details to include in the report. Joined to a policy group Ready to join a policy group Ready to join a policy group with warnings Not ready to join a policy group Not checked for readiness NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Sudo Policy role or the Audit Sudo Policy role.
Unix Computers in AD	Lists all Unix computers in Active Directory in the requested scope. By default, this report is created using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Unix Host Profiles	Summarizes information gathered during the profiling process of each managed host. This report includes the following information: Total number of hosts included in the report Host Name, IP Address, OS, Hardware Sudo version number Use the following report parameters to define details to include for each host. Safeguard Authentication Services Properties Privilege Manager Properties Local Users Local Groups Host SSH Keys Installed One Identity Software NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

User reports

Getting started with Safeguard Authentication Services > Learning the basics > Running reports > User reports

The following reports provide local and Active Directory user information.

Table 28: User reports
Report	Description
AD User Conflicts	Returns all users with Unix User ID numbers (UID numbers) assigned to other Unix-enabled user accounts. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Local Unix User Conflicts	Identifies local user accounts that would conflict with a specified user name and UID on other hosts. You can use this report for planning user consolidation across your hosts. This report includes the following information: Host Name, DNS Name, or IP Address where a conflict would occur User Name, UID Number, Primary GID Number, Comment (GECOS), Home Directory, and Login Shell for each host where conflicts exist Use the following report parameters to define the user name and UID number that would cause a conflict with existing local user accounts: User Name is UID Number is NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Local Unix Users	Lists all users on all hosts or lists the hosts where a specific user account exists in /etc/passwd. This report includes the following information: Host Name, DNS Name, or IP Address where the user exists User Name, UID Number, Primary GID Number, Comment (GECOS), Home Directory, and Login Shell for each host where the user exists If you do not define a specific user, it includes all local users on each profiled host in the report. To locate a specific user, use the following report parameters: User Name contains UID Number is Primary GID Number is Comment (GECOS) contains Home Directory contains Login Shell contains NOTE: When you specify multiple report parameters, it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate the user account. NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Local Unix Users with AD Logon	Identifies the local user accounts that are required to use Active Directory credentials to log onto the Unix hosts. This report includes the following information for hosts that are joined to an Active Directory domain: Host Name, DNS Name, or IP Address of hosts where users exist that are required to log on using their AD credentials User Name, UID Number, Primary GID Number, and Comment (GECOS) of local user account The SAM account Name of the Active Directory account that the local user account must use to log on NOTE: This report only includes hosts joined to an Active Directory domain with a Safeguard Authentication Services 4.x agent. NOTE: This report is only available when the host has Safeguard Authentication Services 4.x or later installed and is joined to Active Directory. You must be logged in with an Active Directory account in the Manage Hosts role.
Master /etc/passwd List	Provides a consolidated list of all user accounts from all hosts, excluding any local users marked as system users. This report includes the following information: Username Empty password UID GID GECOS Home directory path Account's shell You can consolidate the list of user accounts by matching values for accounts across multiple hosts. Accounts found with matching values are listed as a single local account. This list is best used for migrating local users to Active Directory. Indicate how you want to match user accounts by selecting the value parameters that you want to match: Username UID GID GECOS Home Directory Shell Optionally, you can include the host name for the accounts, as well: Include the host name for accounts This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role. NOTE: If you select the Include the host name for accounts option, the management console adds a column to the Master_etc_passwdList .csv file to identify the host for each user account. One Identity provides the Host column information to help you resolve the entries in the file. However, before you import the .cvs file into the Unix Account Import Wizard, you must remove the Host column. You can easily migrate local users to Active Directory by exporting the Master /etc/passwd List report, then importing it into the Unix Account Import Wizard, accessible from the Safeguard Authentication Services Control Center's Tools link. The Unix Account Import wizard is a versatile tool that helps migrate Unix account information to Active Directory. It is especially well-suited to small, one-shot import tasks such as importing all the local user accounts from a specific Unix host. The Unix Account Import Wizard can import Unix data as new user and group objects or use the data to Unix-enable existing users and groups.
Unix-Enabled AD Users	Lists all Active Directory users that have Unix user attributes. NOTE: A User object is considered to be 'Unix-enabled' if it has values for the UID Number, Primary GID Number, Home Directory, and Login Shell. If Login Shell is /bin/false, the user is considered to be disabled for Unix or Linux logon. Account Disabled indicates whether the Active Directory User account is enabled or disabled. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is only available if you have configured the management console to recognize Active Directory objects (see Configuring the Console to Recognize Unix Attributes in AD in the online help), and you are logged on as an Active Directory account in the Manage Hosts role.

Group reports

Getting started with Safeguard Authentication Services > Learning the basics > Running reports > Group reports

The following reports provide local and Active Directory group information.

Table 29: Group reports
Report	Description
AD Group Conflicts	Lists all Active Directory groups with Unix Group ID (GID) numbers assigned to other Unix-enabled groups. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select the base container to begin the search. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Local Unix Groups	Identifies the hosts where a specific group exists in /etc/group. This report includes the following information: Host Name, DNS Name, or IP Address where the group exists Group Name, GID Number, and members for each host where the group exists If you do not specify a group, it includes all local groups on each profiled host in the report. To locate a specific group, use the following report parameters: Group Name contains GID Number is Member contains Include all group members in report NOTE: The Member contains field accepts multiple entries separated by a comma. Spaces are taken literally in the search. For example, entering: adm, user searches for members whose name contains "adm" or "user" adm,user searches for members whose name contains "adm" or "user" NOTE: When you specify multiple report parameters (for example, Group Name contains, GID Number is, and Member contains), it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate a group. In addition, it includes all of the group members in the report by default, but you can clear the Include all group members in report option. NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Unix-Enabled AD Groups	Lists all Active Directory groups that have Unix group attributes. NOTE: A Group object is considered 'Unix-enabled' if it has a value for the GID Number. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is only available if you have configured the management console to recognize Active Directory objects (see Configuring the Console to Recognize Unix Attributes in AD in the online help), and you are logged on as an Active Directory account in the Manage Hosts role.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

Seleccione su producto:

Con el fin de ofrecerle un mejor servicio, complete el campo Motivo del chat:

Soluciones recomendadas para su problema

Safeguard Authentication Services 5.0.2 - Installation Guide

Reports

Host reports

User reports

Group reports