Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Upgrade Management Console for Unix

The process for upgrading Management Console for Unix from an older version is similar to installing it for the first time. The installer detects an older version of the console and automatically upgrades the components.

Note: The procedures in this topic assume you have Management Console for Unix 2.0.x or greater installed.

Before you begin the upgrade procedure, review the upgrade notes in the release notes, close the console and make a backup of your database, as explained in step 1.

To upgrade Management Console for Unix

  1. Backup the database files:
    1. Shutdown the service. See Start/stop/restart Management Console for Unix service for details.

      Management Console for Unix uses a HSQLDB (Hyper Structured Query Language Database) to store its data such as information about the hosts, settings, users, groups, and so forth.

    2. Copy the /var/opt/quest/mcu data directory to a backup location.

      Refer to Database maintenance for more information about the database locations and filenames.

    3. After backup is complete restart the service. See Start/stop/restart Management Console for Unix service for details.

      Once you backup the database files, you are ready to start the upgrade.

  2. To start the upgrade, follow the instructions for a first-time installation. See the Installing and Uninstalling topic for your platform under Installing the Management Console to start the installation procedure.

    When the installer detects a previous version of the mangement console is already installed, it asks if you want to continue.

  3. Click Yes at the Install Management Console for Unix dialog.
  4. Accept the terms of the license agreement and click Next.
  5. Modify the default SSL (https) and Non-SSL (http) port numbers, if necessary, and click Install.

    The installation wizard uninstalls the old version and configures the server database and service.

Note: After an upgrade from any version of Management Console for Unix, it is important to re-profile all managed hosts.

Preparing Unix hosts

The mangement console provides a central management and reporting console for local Unix users and groups.

Whether you have the core version of the mangement console or are managing hosts with Authentication Services or Privilege Manager for Unix, once you have successfully installed Management Console for Unix, you must first add your hosts to the console, and then profile them to gather system information. Once a host is added and profiled you can then manage users and groups on the hosts and run reports.

Note: Installing Authentication Services on hosts that you manage with the console unlocks many additional features for managing Unix systems with Active Directory, such as Active Directory user management and Access and Privileges reports.

Installing Privilege Manager on hosts that you manage with the console allows you to view and edit centrally stored policies, as well as search and replay keystroke logs. See What are the core features of the console for a list of these additional features.

Adding hosts to the Management Console

In order to manage a Unix host from the mangement console, you must first add the host. Go to the Hosts tab of the mangement console to either manually enter hosts or import them from a file.

To add hosts to the mangement console

  1. Click the Add Hosts toolbar button to display the Add Hosts dialog.

  2. To manually add one or more hosts, enter the FQDN, IP address, or short name of a host you want to add to the mangement console and either click the Add button or press Enter.

    Once added, the Host column displays the value you enter. The mangement console uses that value to connect to the host. You can rename the host if it has not been profiled using the Rename Host command on the Host panel of the toolbar. After a host is profiled the only way to change what is displayed in the Host column is to remove the host from the console and re-add it. For example, if you add a host by its IP address, the IP address displays in the Host column (as well as in the IP Address column); to change what is displayed in the Host column, you must use the Remove from console toolbar button to remove the host from the console; then use the Add Hosts button to re-add the client by its host name. If you had profiled the host before removing it, you will have to re-profile it after re-adding it.

  3. To add hosts from a known_hosts file, click the Import button.

    1. On the Import hosts from file dialog, browse to select a .txt file containing a list of hosts to import.

      Once imported, the host addresses display in the Add Host dialog list.

      Note: The valid format for an import file is:

      • .txt file - contains the IP address or DNS name, one per line
      • known_hosts file - contains address algorithm hostKey (separated by a space), one entry per line

      See Known_hosts file format for more information about the supported known_hosts file format.

  4. Once you have a list of one or more hosts to add, if you do not wish to profile the hosts at this time, clear the Profile hosts after adding option.

    Note: If you add more hosts to the list than selected in the Rows to show drop-down menu in the View panel of the toolbar, this option is disabled.

  5. If you do not clear the Profile hosts after adding option on the Add Hosts dialog, when you click OK, the Profile Host dialog prompts you to enter the user credentials to access the hosts. (Refer to Profiling hosts which walks you through the host profile steps.)

  6. If you clear the Profile hosts after adding option on the Add Hosts dialog, when you click OK, the Add Hosts dialog closes and control returns to the mangement console.

    The mangement console lists hosts that were successfully added on the All Hosts view by the FQDN, IP address, or short name of the hosts you entered on the Add Hosts dialog.

Renaming hosts

Note: You can only rename a host that has not been profiled.

To rename hosts

  1. Select a host on the All Hosts view and click Rename Host from the Host panel of the toolbar.
  2. In the Rename Host dialog, enter the FQDN, IP address or short name to use to connect to that host.
  3. Optionally, you can clear the Profile host now option.
  4. Click OK.

If the Profile host now option option was selected, the mangement console starts the Profile Host procedure. See Profiling hosts for details.

Documents connexes