The Logging Options section allows you to enable logging for all Safeguard Authentication Services Windows components. This setting only applies to the local computer. Logging can be helpful when trying to troubleshoot a particular problem. Because logging causes components to run slower and use more disk space, you should set the Log Level to Disabled when you are finished troubleshooting.
Privileged Access Suite for Unix
Introducing One Identity Safeguard Authentication Services
About licenses
System requirements
Network requirements
Installing and configuring Safeguard Authentication Services
Installing and joining from the Unix command line
Verifying package signature
The pre-installation diagnostic tool
The install script
Licensing Safeguard Authentication Services
Creating the application configuration from the Unix command line
Joining the domain
Getting started with Safeguard Authentication Services
Getting acquainted with the Control Center
Troubleshooting
Group Policy
Tools
Preferences
Use Safeguard Authentication Services PowerShell
Change Auditor for Authentication Services
Defender
Getting help from technical support
Disaster recovery
Long startup delays on Windows
Pointer Record updates are rejected
Resolving DNS problems
Resolving preflight failures
Time synchronization problems
Unable to install or upgrade
Unable to join the domain
Unable to log in
vasypd has unsatisfied dependencies
Enterprise package deployment
Logging Options
Enabling debug logging on Windows
Getting started with Safeguard Authentication Services > Getting acquainted with the Control Center > Preferences > Enabling debug logging on Windows
To enable debug logging for all Safeguard Authentication Services Windows components
- Open Control Center and click Preferences on the left navigation pane.
- Expand the Logging Options section.
- Open the Log level drop-down menu and set the log level to Debug.
Debug generates the most log output. Higher levels generate less output. You can set the Log level to Disabled to disable logging.
- Click
to specify a folder location where you want to write the log files.
Safeguard Authentication Services Windows components log information into the specified log folder the next time they are loaded. Each component logs to a text file named after the DLL or EXE that generates the log message.
Schema Attributes
From the Control Center, select Preferences then Schema Attributes to view and update schema configurations. These attribute mappings can be customized:
Unix Attributes
The Unix schema attributes are fully customizable in Safeguard Authentication Services. The Unix Attributes section allows you to see which LDAP attributes are mapped to Unix attributes. You can modify this mapping to enable Safeguard Authentication Services to work with any schema configuration. To customize the mapping, you select a schema template or specify your own custom attributes. A schema template is a pre-defined set of common mappings which adhere to common schema extensions for storing Unix data in Active Directory.
From the Control Center, select Preferences | Schema Attributes. Click the Unix Attributes link in the upper right to display the Customize Schema Attributes dialog.
Safeguard Authentication Services supports the following schema templates if the required schema is installed:
| Schema Template | Description |
|---|---|
|
Schemaless |
A template that encodes Unix attribute data in an existing multi-valued attribute. |
|
Windows R2 |
A template that uses attributes from the Windows 2003 R2 schema extension. |
|
Services for Unix 2.0 |
A template that uses attributes from the SFU 2.0 schema extension. |
|
Services for Unix 3.0 |
A template that uses attributes from the SFU 3.0 schema extension. |
BEST PRACTICE: Use a schema designed for storing Unix data in Active Directory whenever possible. Schemas designed for storing Unix data in Active Directory include: Windows 2003 R2, SFU 2, and SFU 3. Only use "schemaless" or custom mappings if it is impossible to make schema extensions in your environment.
NOTE: If you are running Safeguard Authentication Services without an application configuration in your forest and your domain supports Windows R2, you can enable Safeguard Authentication Services to use the Windows R2 schema. However, note that some functionality provided by the Safeguard Authentication Services application configuration will be unavailable.