One Identity Management Console for Unix 2.5.2 - Administration Guide


Deleting local group

Any users belonging to a deleted group will no longer have access to the resources previously owned by that group.

To delete a local group

  1. From the Groups tab, select one or more groups to delete and click Delete Group.

  2. Confirm that you want to delete the selected groups.

  3. On the Log on to Host dialog, enter the user credentials and click OK.

    Note: This task requires elevated credentials.

    The Groups view is automatically refreshed and no longer lists the deleted groups.

Reviewing the Local Unix Groups report

The Local Unix Groups report lists all the groups on a host and each group's membership.

Note: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

To create the Local Unix Groups report

  1. From the management console, navigate to Reporting.
  2. From the Reports view, double-click the Local Unix Groups report name.

    The report opens a new Local Unix Groups tab on the Reporting view.

  3. To locate a specific group, use a combination of the following report parameters:
    • Group Name contains
    • GID Number is
    • Member contains
    • Include all group members in report (Always included when exporting to CSV)

    Note: The Member contains field accepts multiple entries separated by a comma. Spaces are taken literally in the search. For example, entering:

    • adm, user searches for members whose name contains 'adm' or ' user'
    • adm,user searches for members whose name contains 'adm' or 'user'.

    Note: When you specify multiple report parameters (for example, Group Name contains, GID Number is, and Member contains), the report combines them with a logical AND; a group is listed only if it matches ALL of the specified parameters.

    If you do not specify a group, the report includes all local groups on each profiled host. It also includes all group members by default, but you can clear the Include all group members in report option.

  4. Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV.

    The report opens in a new browser or application page in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions for details.
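The following added example (not One Identity code) models the report parameters described above on constructed /etc/group-style data, so you can see how a stray space in Member contains changes which groups an access review returns. The function names and sample data are hypothetical, and case-sensitive matching is an assumption the guide does not state.

```python
# Added example: models the documented filter semantics; not product code.
# Constructed sample data in the standard name:passwd:gid:members layout.
SAMPLE_GROUP_FILE = """\
root:x:0:
adm:x:4:syslog,localuser
sudo:x:27:admin1,localuser
users:x:100:poweruser,localuser
dbadmin:x:1001:oracle
"""

def parse_group_file(text):
    """Parse group-file lines into dicts with name, gid and member list."""
    groups = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _passwd, gid, members = line.split(":", 3)
        groups.append({"name": name, "gid": int(gid),
                       "members": [m for m in members.split(",") if m]})
    return groups

def split_member_terms(field):
    """Split on commas only; spaces stay part of each term, as documented."""
    return [t for t in field.split(",") if t != ""]

def padded_terms(field):
    """Terms carrying leading/trailing spaces, which rarely match a member."""
    return [t for t in split_member_terms(field) if t != t.strip()]

def find_groups(groups, name_contains=None, gid_is=None, member_contains=None):
    """Supplied parameters are ANDed; member terms are ORed.
    Assumption: substring matching is case-sensitive."""
    hits = []
    for g in groups:
        if name_contains is not None and name_contains not in g["name"]:
            continue
        if gid_is is not None and g["gid"] != gid_is:
            continue
        if member_contains is not None:
            terms = split_member_terms(member_contains)
            if not any(t in m for t in terms for m in g["members"]):
                continue
        hits.append(g["name"])
    return hits
```

Running `padded_terms()` on a filter string before a review flags terms such as ' user' that would silently narrow the result.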

Managing local users

The profiling operation imports system information about the local users so you can remotely manage them through the management console.

The console's All Local Users tab provides a consolidated view of all users on all hosts. In addition, a host's properties contain a Users view, from which you can manage the local users.

The topics in this section step you through the local user management tasks you can perform from the Users and All Local Users tabs. For a detailed description of these tasks, please refer to the online help.

Adding a local user

You can use the management console to remotely add a local user to a host.

Note: This topic instructs you to set up a local user by the name of "localuser" referred to by other examples in this guide.

To add a local user account

  1. From the All Hosts view, double-click a host name to open its properties.

    You can also right-click the host name and choose Users.

  2. Select the Users tab and click Add User.

  3. In the Add New user dialog:

    1. Enter localuser as a new local user name in the Name box.

    2. Click the Select Group browse button next to the GID box to select the primary group of the user.

      The Select Local Group dialog opens.

    3. Find and select a local group account and click OK.

      By default, the Select Local Group dialog displays all groups discovered on the host. You can filter the groups by entering text in the filter area or use the navigation buttons at the bottom of the list to find and select a group.

      Note: See Adding a local group for details about adding local groups.

    4. Click the Select Shell browse button to select the login shell of the user.

      The Select local login shell dialog opens.

    5. Find and select a local login shell and click OK.

      By default, the Select local login shell dialog displays all login shells discovered on the host. You can filter the login shells by entering text in the filter area.

    6. Enter and re-enter a password of your choice, click Add User to add this new local user, and click OK.

  4. On the Log on to Host dialog, enter your credentials to log onto the host and click OK.

    Note: This task requires elevated credentials. The management console enters this information by default from the cache.

    The new local user account is added to the system and the management console.

At this point the new local user is valid for local authentication with the password you just set.
