One Identity Management Console for Unix 2.5.2 - Administration Guide


Users view

The Users view displays the information imported for each local user when the host was last profiled. From the Users view you can remotely manage local users on Unix, Linux or Mac systems, including adding, modifying and deleting users, associating members to a group, assigning (or "mapping") users to Active Directory users (require Active Directory log on), and marking users as system users.

Toolbar
Table 19: Users view: toolbar
Option Description
Use this text box to filter the users displayed on the Users list. As you enter characters into the Search for users box, the management console displays the users whose name matches (contains) the criteria entered. Click to remove the filtering and re-display the original user list.
Action | Properties Displays the user's properties from which you can modify the general user properties, define the groups of which this user is a member and specify that a user is required to use Active Directory credentials to log onto the host (requires Authentication Services).
Action | Set local user password Allows you to reset a user's password.
Action | Find event logs Allows you to search keystroke logs (requires Privilege Manager).
Action | Remove AD logon requirement Allows you to remove the Active Directory log on requirement from selected users.
Action | Mark as system user Allows you to mark the selected users as system users.
Action | Unmark as system user Allows you to clear the system user mark from the selected users.
Action | Mark system users Allows you to mark a range of users as system users.
Action | Unmark system users Allows you to clear the system user mark from a range of users.
Click this button to display the Add New User dialog which allows you to enter a new user’s properties.
Click this button to remove the selected users from the Unix host.
All users drop-down menu Allows you to filter the users displayed on the Users view.

Choose one of the following options:

  • All users
  • All non-system users
  • System user
  • Users requiring AD logon (requires Authentication Services 4.x)
  • Users not requiring AD logon (requires Authentication Services 4.x)

NOTE: By default, all users display on the All Hosts Users tab.

Rows to show Use the settings on this drop-down menu to select the number of rows you want to display.
Users View

The Users view contains the following information for the local Unix users imported from the selected host during the profiling operation:

Table 20: Users view
Option Description

The first column contains a selection check box that allows you to select or deselect a user. Once a user is selected, the management console enables certain toolbar buttons and right-click commands which allow you to manage the selected users.

To select a user, click a user entry or the selection check box. To select all users in the list, click the check box in the heading.

To deselect a user, click on the selection check box. To deselect all users, clear the check box in the heading.

The icons displayed in this column indicate the type of user:

  • local user not requiring AD logon (requires Authentication Services 4.x)
  • local user requiring AD logon (requires Authentication Services 4.x)
  • system user
Name The names of local users on the selected host system.
UID The user identifier assigned to each local user.
GID The group identifier assigned to each local user’s primary group.
Comment (GECOS) The user’s description.
Home Directory

The file system directory for each local user’s personal data and files.

NOTE: This column is hidden from view by default. To show this column, open any column's drop-down menu, navigate to Columns and select Home Directory.

Login Shell The login shell used by each local user to log onto the Unix system.
AD User The Active Directory user account assigned to the local user. An entry in this column indicates that the local user is required to use their Active Directory credentials to log on to the host.

Groups view

The Groups view displays the information imported for each local group when the selected host was profiled. From the Groups view you can remotely manage local Unix groups.

Toolbar

Use the toolbar buttons across the top of this view as described below:

Table 21: Groups view: toolbar
Option Description
Use the search box to filter the groups displayed on the Groups view based on the groups' names. As you enter characters into the search box, the management console displays the groups that match (contain) the criteria entered. Click to remove the filtering and redisplay the original group list.
Select a group from the Groups list and click the Properties button to display the group's properties. From the group’s properties, you can modify the group’s general properties or specify users as members of this group.
Click this button to open the Add New Group dialog which allows you to create a new group in the Unix host.
Select a group from the Groups list and click the Delete Group button to remove the selected groups from the Unix host.
Groups View

The Groups view contains the following information for each group imported from the Unix host during the last profiling operation:

Table 22: Groups view
The first column contains a selection check box which allows you to select or deselect a group. Once a group is selected, the management console enables certain toolbar buttons and right-click commands which allow you to manage the selected groups.

To select a group, click a group entry or the selection check box. To select all the groups in the list, select the check box in the heading.

To deselect a group, click on the selection check box. To deselect all groups, clear the check box in the heading.

Name The names of the local groups defined for the selected host system.
GID The unique group identifier that is assigned to each group.

Readiness Check Results view

Note: The content for the Readiness Check Results view only displays after you run one of the Checks.

Table 23: Readiness Check Results view
Option Description
Search box menu. Allows you to choose either AD Readiness or Policy Readiness.
Last Status Displays the status of the last readiness check performed against the selected host.
Last Check Displays when the last readiness check was performed against the selected host. Hovering your mouse over this entry will display the actual date and time.
Checks / Results

The remainder of the page lists the checks performed and the individual results of each check. It also lists any advisories or errors encountered during the process.

The following status icons are used to display the status of a check:

  • - check completed successfully
  • - check completed with an advisory
  • - check failed
  • - check was skipped (due to failed check)

To view additional details on any of the checks performed, including a possible solution for advisories and errors, double-click the entry or right-click and select Check details.

Software view

The host properties Software view lists the One Identity products currently installed on this host.

Click the button to initiate the software installation operation for the host. (See Install software on hosts for details.)
