Now that you have Unix-enabled an Active Directory user, you can log into a local Unix host using your Active Directory user name and password.
To test the Active Directory login:
User name: Enter the Active Directory user name, such as ADuser.
Click Login to log onto the Unix host with your Active Directory user account.
The vastool klist command lists the Kerberos tickets stored in a user's credentials cache. This proves the local user is using the Active Directory user credentials.
You just learned how to manage Active Directory users and groups from the management console by Unix-enabling an Active Directory group and user account. You tested this by logging into the Unix host with your Active Directory user name and password. Optionally, you can expand on this tutorial by creating and Unix-enabling additional Active Directory users and groups and by testing different Active Directory settings such as account disabled and password expired.
Management Console for Unix allows you to install the Privilege Manager Policy Server as well as the Privilege Manager Agent and the Sudo Plugin software to remote hosts; it also allows you to join hosts to a policy group activated in the Privilege Manager System Settings. See Configuring a service account for details.
The policy management and keystroke logging features are available when the management console is configured in System Settings for one or more policy groups.
Note: To use the policy editor, you must log in either as the supervisor or as an Active Directory account with rights to manage policy; that is, an account in the Manage Sudo Policy or Manage PM Policy roles.
To replay keystroke logs, you must log in either as the supervisor or as an Active Directory account with rights to audit policy; that is, an account in the Audit Sudo Policy or Audit PM Policy console roles.
After you install Management Console for Unix, you are ready to enable the Privilege Manager features.
To enable the management console's Privilege Manager features:
Set up a user in the Manage Sudo Policy or Manage PM Policy role to edit the policy and a user in the Audit Sudo Policy or Audit PM Policy role to replay keystroke logs. See Adding (or Removing) role members for details.
Note: The default supervisor account is a member of all roles and therefore has the permissions to both edit policy and replay keystroke logs.
Download the Privilege Manager for Unix software packages to the server.
Set the Privilege Manager software location in System Settings.
Configure the Primary Policy server:
Configure a Secondary Policy server:
Install the PM Agent or Sudo Plugin software on a remote host:
The first thing you must do is configure the host you want to use as your primary policy server.
© 2019 One Identity LLC. ALL RIGHTS RESERVED.