Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Running reports

You can run various reports that capture key information about the Unix hosts you manage from the mangement console and the Active Directory domains joined to these hosts from the Reports view on the Reporting tab.

Note: The Active Directory reports are only available when you are logged on as an Active Directory account in the Manage Hosts role.

To run reports

  1. Ensure the hosts for which you want to create reports have been recently profiled.

    Reports only generate data gathered from the clients during a Profile procedure. Profiling imports information about the host, including local users and groups.

    Note: You can configure the mangement console to profile hosts automatically.

    See Automatically profiling hosts for details.

  2. From the mangement console, click the Reporting tab.
  3. From the Reports view, expand the report group names to view the available reports, if necessary.
    • Host Reports

      Unix host information gathered during the profiling process

    • User Reports

      Local and Active Directory user information

    • Group Reports

      Local and Active Directory group information

    • Access & Privileges Reports

      User access information

    • License Usage Reports

      Product licensing information.

  4. Use one of the following methods to select a report:
    • Double-click a report name in the list (such as the Unix Host Profiles report).
    • Right-click a report name and select Run report.
    • Click the report icon next to a report.

    The selected report name opens a new tab on the Reports view which describes the report and provides some report parameters you can select or clear to add or exclude details on the report.

  5. Optionally clear parameters to exclude information from the report.
  6. To create a report, either
    1. Click Preview to see a sample of the report in a browser.
    2. Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV (if available).

    Note:

    If the CSV report does not open, you may need to reset your internet options. See CSV or PDF reports do not open for details.

    By default, the mangement console creates reports in the application data directory:

    • On Windows: 
      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports
    • On Unix/Linux: 
      /var/opt/quest/mcu/reports

    Note: You may need to reconfigure your browser preferences to allow you to save the report in a specific folder.

    It launches a new browser or application page and displays the report in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions for details.

Reports

The mangement console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following table lists the reports that are available in Management Console for Unix.

Note: Report availability depends on several factors:

  • User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. See Active Directory configuration for details.
  • Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. For example, you must have an activated policy server to activate the sudo-related reports. See Console Roles and Permissions system settings for details.

Host reports

Table 11: Host reports
Report Description
Authentication Services Readiness

Provides a snapshot of the readiness of each host to join Active Directory. This report is best used for planning and monitoring migration projects. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage and names of the hosts ready to join
  • Total number, percentage and names of the hosts ready to join with advisories
  • Total number, percentage and names of the hosts not ready to join
  • Total number of hosts not checked for AD readiness

Use the following report parameters to define details to include in the report.

  • Joined to AD
  • Ready to Join AD
  • Ready to Join AD with Warnings
  • Not Ready to Join AD
  • Not Checked for Readiness
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Privilege Manager Readiness

Provides a snapshot of the readiness of each host to join a policy group. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage and names of the hosts ready to join
  • Total number, percentage and names of the hosts not ready to join
  • Total number of hosts not checked for readiness

Use the following report parameters to define details to include in the report.

  • Joined to a policy group
  • Ready to join a policy group
  • Ready to join a policy group with warnings
  • Not ready to join a policy group
  • Not checked for readiness
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Sudo Policy role or the Audit Sudo Policy role.
Unix Computers in AD

Lists all Unix computers in Active Directory in the requested scope.

By default, this report is created using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Unix Host Profiles

Summarizes information gathered during the profiling process of each managed host. This report includes the following information:

  • Total number of hosts included in the report
  • Host Name, IP Address, OS, Hardware
  • Sudo version number

Use the following report parameters to define details to include for each host.

  • Authentication Services Properties
  • Privilege Manager Properties
  • Local Users
  • Local Groups
  • Host SSH Keys
  • Installed One Identity Software
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

User reports

Table 12: User reports
Report Description
AD User Conflicts

Returns all users with Unix User ID numbers (UID numbers) assigned to other Unix-enabled user accounts.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.
Local Unix User Conflicts

Identifies local user accounts that would conflict with a specified user name and UID on other hosts. You can use this report for planning user consolidation across your hosts. This report includes the following information:

  • Host Name, DNS Name or IP Address where a conflict would occur
  • User Name, UID Number, Primary GID Number, Comment (GECOS), Home Directory and Login Shell for each host where conflicts exist

Use the following report parameters to define the user name and UID number that would cause a conflict with existing local user accounts:

  • User Name is
  • UID Number is
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Local Unix Users

Lists all users on all hosts or lists the hosts where a specific user account exists in /etc/passwd. This report includes the following information:

  • Host Name, DNS Name or IP Address where the user exists
  • User Name, UID Number, Primary GID Number, Comment (GECOS), Home Directory, and Login Shell for each host where the user exists

If you do not define a specific user, it includes all local users on each profiled host in the report.

To locate a specific user, use the following report parameters:

  • User Name contains
  • UID Number is
  • Primary GID Number is
  • Comment (GECOS) contains
  • Home Directory contains
  • Login Shell contains
NOTE: When you specify multiple report parameters, it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate the user account.
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.
Local Unix Users with AD Logon

Identifies the local user accounts that are required to use Active Directory credentials to log onto the Unix hosts. This report includes the following information for hosts that are joined to an Active Directory domain:

  • Host Name, DNS Name or IP Address of hosts where users exist that are required to log on using their AD credentials
  • User Name, UID Number, Primary GID Number and Comment (GECOS) of local user account
  • The SAM account Name of the Active Directory account that the local user account must use to log on
NOTE: This report only includes hosts joined to an Active Directory domain with a Authentication Services 4.x agent.
NOTE: This report is only available when the host has Authentication Services 4.x or later installed and is joined to Active Directory. You must be logged in with an Active Directory account in the Manage Hosts role.
Master /etc/passwd List

Provides a consolidated list of all user accounts from all hosts, excluding any local users marked as system users. This report includes the following information:

  • Username
  • Empty password
  • UID
  • GID
  • GECOS
  • Home directory path
  • Account's shell

You can consolidate the list of user accounts by matching values for accounts across multiple hosts. Accounts found with matching values are listed as a single local account. This list is best used for migrating local users to Active Directory.

Indicate how you want to match user accounts by selecting the value parameters that you want to match:

  • Username
  • UID
  • GID
  • GECOS
  • Home Directory
  • Shell

Optionally, you can include the host name for the accounts, as well:

  • Include the host name for accounts

NOTE: If you select the Include the host name for accounts option, the mangement console adds a column to the Master_etc_passwdList .csv file to identify the host for each user account. One Identity provides the Host column information to help you resolve the entries in the file. However, before you import the .cvs file into the Unix Account Import Wizard, you must remove the Host column.

You can easily migrate local users to Active Directory by exporting the Mater /etc/passwd List report, then importing it into the Unix Account Import Wizard, accessible from the Control Center's Tools link. The Unix Account Import Wizard is a versatile tool that helps migrate Unix account information to Active Directory. It is especially well suited to small, one-shot import tasks such as importing all the local user accounts from a specific Unix host. The Unix Account Import Wizard can import Unix data as new user and group objects or use the data to Unix-enable existing users and groups.

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Unix-Enabled AD Users

Lists all Active Directory users that have Unix user attributes.

NOTE:

  • A User object is considered to be 'Unix-enabled' if it has values for the UID Number, Primary GID Number, Home Directory and Login Shell.
  • If Login Shell is /bin/false, the user is considered to be disabled for Unix or Linux logon.
  • Account Disabled indicates whether the Active Directory User account is enabled or disabled.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is only available if you have configured the mangement console to recognize Active Directory objects (see Configuring the console to recognize Unix attributes in AD), and you are logged on as an Active Directory account in the Manage Hosts role.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation