
One Identity Management Console for Unix 2.5.2 - Administration Guide


Active Directory settings

Use the Active Directory settings to configure the console for Active Directory, specify which sites, domains, domain controllers, or global catalogs the management console may access, and set the default logon domain.

Table 77: Active Directory settings
Option Description
AD Configuration

Forest

If you are already configured for Active Directory, the name of your Active Directory forest displays. However, if you have not configured for Active Directory, the Configure for Active Directory link displays. (See Active Directory configuration for details.)

Advanced Settings

Click Advanced Settings to specify which sites, domains, domain controllers, or global catalogs you want the management console to access and to set the default domain to use when logging onto the console.

NOTE: By default, the management console contacts Active Directory through any site, domain, domain controller, or global catalog that is available. To limit how the console contacts Active Directory, click Advanced Settings and specify which sites, domains, or addresses you want the console to contact.

Note: See Active Directory system settings for details.

Privilege Manager settings

Use the Privilege Manager settings to activate the policy groups that you want to use for checking policy and keystroke logging.

Note: If your policy group is not listed, make sure you added and profiled the host where Privilege Manager software is installed as the primary policy server to the management console; then re-profile the host.

Table 78: Privilege Manager settings
Option Description
Active You must activate a policy server group to centrally manage a policy file and replay keystroke logs for a policy group. If you no longer want to manage the policy or replay keystrokes for a particular policy group, deactivate it.
Policy Group A group of policy servers.
Primary Policy Server The management console accesses the policy file and keystroke logs on the primary policy server.
Policy

The security policy type, either pmpolicy or sudo.

See Security policy management for details.

Configure (or Unconfigure) service account Configuring a service account allows the console to access the policy file and event logs on the primary policy server.

Note: See Privilege Manager system settings for details.

Privilege Manager | Software and Licenses settings


Use the Software and Licenses settings to set the Privilege Manager software location on the server and display a list of the Privilege Manager product licenses discovered during the installation or configuration process.

Table 79: Privilege Manager: Software and Licenses settings
Option Description
Privilege Manager software location on the server

Path

Enter the path where the Privilege Manager software packages are located on the server.

(See Setting the Privilege Manager software path for details.)

Licenses

Check for licenses

The Licenses window lists the licenses for active Privilege Manager policy groups. It includes the name of the product, the version installed, and if applicable, the expiration date, and the policy group.

Click the Check for licenses button to retrieve updated product license information.

NOTE: You must have a Privilege Manager Policy Server configured in order to update licensing. See Checking for Privilege Manager licenses for details.

NOTE: The management console automatically updates the license information each time you log in.

Authentication Services settings

Use the Authentication Services settings to change the path to the Authentication Services software packages, validate the Authentication Services licenses, and enable Windows 2003 R2 schema.

Table 80: Authentication Services settings
Option Description
Client software location on the server

Path

Enter the path where the Authentication Services client software packages are located on the server.

See Setting the Authentication Services software path for details.

Licenses

Check for licenses

This window lists the Authentication Services product licenses discovered during the installation process. It includes the name of the product, the version installed, and if applicable, the expiration date.

Click the Check for licenses button to retrieve updated product license information.

See Checking for Authentication Services licenses for details.

Import

Click the Import button to browse for and select an Authentication Services license file to import.

See Importing Authentication Services licenses for details.

Schema Configuration

Use Windows 2003 R2 schema

If Authentication Services is not using an Application Configuration for the schema, you may select this option to use the Windows 2003 R2 schema. If a schema is not used, some features in the console will be disabled.

See Configuring Windows 2003 R2 schema for details.
