
One Identity Management Console for Unix 2.5.2 - Administration Guide


Installing Authentication Services software packages

Once you have added and profiled one or more hosts, and checked them for AD Readiness, you can remotely deploy software products to them from the management console.

Note: This task is only available when you are logged on as supervisor or an Active Directory account in the Manage Hosts role.

To install Authentication Services software on hosts

  1. Select one or more profiled hosts on the All Hosts view and click the Install Software toolbar button.

    Note: The Install Software toolbar menu is enabled when you select hosts that are profiled; the toolbar button will not be active if you have not selected any hosts.

  2. On the Install Software dialog, select the software products you want to install and click OK.

    • Authentication Services Agent
    • Authentication Services for Group Policy
    • (Optional) Authentication Services for NIS
    • (Optional) Authentication Services for LDAP
    • (Optional) Dynamic DNS Updater
    • (Optional) Defender Pam Module

    NOTES:

    • Both the Authentication Services Agent and the Authentication Services Group Policy packages are required.
    • If you do not see all of these software packages, verify that the path to the software packages is correctly set in System Settings. (Refer to: Setting Authentication Services software path)
  3. On the Log on to Host dialog, enter the user credentials to access the selected hosts and click OK.

    Note: This task requires elevated credentials.

    If you selected multiple hosts, it asks whether you want to use the same credentials for all the hosts (default) or enter different credentials for each host.

    1. If you selected multiple hosts and the Use the same credentials for all selected hosts option, enter your credentials to log on to access the selected hosts and click OK.
    2. If you selected multiple hosts and the Enter different credentials for each selected host option, it displays a grid which allows you to enter different credentials for each host listed. Place your cursor in a cell in the grid to activate it and enter the data.

Upgrading Authentication Services

The process for upgrading the Authentication Services software packages from an older version is similar to installing it for the first time. The installer detects an older version and automatically upgrades the components.

To upgrade Authentication Services

  1. Create a directory where you want to store the new Authentication Services client files.

    For example, create C:\Program Files\Quest Software\Management Console for Unix\Software\4.n.n.nn

    where "4.n.n.nn" is the Authentication Services version number to which you are upgrading.

    Note: Refer to Setting Authentication Services software path for more information about the default client directories.

  2. Copy the client directory from the ISO to the directory you just created.
  3. Log into the management console using the supervisor account.
  4. From the top-level Settings menu, navigate to System Settings | Authentication Services.
  5. In the Authentication Services software path box, enter the location of the directory where you copied the Authentication Services client files and click OK.
  6. On the management console, select the host you want to upgrade and click Install Software.
  7. Select the Authentication Services agent software components to upgrade and click OK.
  8. On the Log on to Host dialog, enter the user credentials to access the selected hosts and click OK.

    If you selected multiple hosts, it asks whether you want to use the same credentials for all the hosts (default) or enter different credentials for each host.

    1. If you selected multiple hosts and the Use the same credentials for all selected hosts option, enter your credentials to log on to access the selected hosts and click OK.
    2. If you selected multiple hosts and the Enter different credentials for each selected host option, it displays a grid which allows you to enter different credentials for each host listed. Place your cursor in a cell in the grid to activate it and enter the data.
  9. Wait for the task to finish successfully.

Joining host to Active Directory

In order to manage access to a host using Authentication Services for Active Directory, you must join the host to an Active Directory domain. Joining a host to a domain creates a computer account in Active Directory for that host. Once you have deployed and installed the Authentication Services Agent software on a host, use the Join to Active Directory command on the All Hosts view's Join or configure menu to join the host to an Active Directory domain.

Note: This task is only available when you are logged on as an Active Directory account in the Manage Hosts role. See Console Roles and Permissions system settings for details.

To join hosts to Active Directory

  1. Select one or more hosts from the list on the All Hosts view, open the Join or Configure menu toolbar button and choose Join to Active Directory.

    Note: The Join to Active Directory option is only enabled when you select hosts that have the Authentication Services Agent installed.

    If you select a host that is already joined to Active Directory, you can 'rejoin' the host to the same Active Directory domain.

  2. On the Join Host to Active Directory dialog, enter the following information to define how and where you want to join the host to Active Directory:

    1. Select the Active Directory domain to use for the join operation or enter the FQDN of the Active Directory domain.

      Use the same domain you entered when you performed the Check for AD Readiness.

    2. Optionally enter a name for the computer account for the host.

      Leave this field blank to generate a name based on the host's DNS name.

    3. Click the button to locate and select a container in which to create the host computer account.
    4. Enter the optional join commands to use.

      See Optional join commands for a list of commands available.

    5. Enter the user name and password to log onto Active Directory.

      The user account you enter must have elevated privileges in Active Directory with rights to create a computer account for the host.

  3. On the Log onto Host dialog, enter the user credentials to access the selected host(s) and click OK.

    Note: This task requires elevated credentials. The management console pre-populates this information.

    The task progress pane on the All Hosts view displays a progress bar and the final status of the tasks, including any failures or advisories encountered.

Join Host to Active Directory dialog

The Join Host to Active Directory dialog is displayed when you open the Join toolbar button drop-down menu.

On the Join Host to Active Directory dialog, enter the following information to define how and where you want to join the selected host to Active Directory.

Note: The user account you enter must have elevated privileges in Active Directory with rights to create a computer account for the host.

Table 49: Join Host to Active Directory dialog

Option: Description

How do you want to join the host to Active Directory?

    • Domain for the host to join: Select the Active Directory domain to which to join the host. This field displays the domain name you used previously for the AD Readiness Check (or a previous join operation), but you can change it to another domain in the configured forest.
    • Name for computer account: Enter the name of the computer account for the host. Leave this field blank to generate a name based on the host's DNS name.
    • Container where the computer account will be created: Enter or click to browse to select a container in which to create the computer account for the host.
    • Join commands (optional): Enter the optional join commands to use. See Optional join commands for a list of commands available.

Log on to Active Directory to join host

    • User Name: Enter the user name to log onto Active Directory.

      NOTE: The user account you enter must have elevated privileges in Active Directory with rights to create a computer account for the host.

    • Password: Enter the password associated with the user name entered.