One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration
Getting started Configure a primary policy server Configure a secondary policy server Install PM agent or Sudo plugin on a remote host Security policy management
Opening a policy file Edit panel commands Editing PM policy files Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report
Event logs and keystroke logging
Reporting Setting preferences
User preferences System preferences
Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance About us

Windows machine

To stop, start, or restart the Management Console for Unix service (mcu_service) on a Windows machine

  1. If you installed the Start menu items, navigate to Start | Programs | Quest Software | Management Console for Unix to either stop the service or start the service.

    This is handy on Windows 7+ because you can use the <windows_key> to search for it quickly.

  2. Otherwise, you can log onto the machine as root user.
  3. Navigate to Start | Programs | Administrative Tools | Services to open the Services dialog.
  4. Locate and select the One Identity Management Console for Unix jetty service in the list.

    Use the Start, Stop, or Restart commands from the Action menu or right-click context menu.

Toolbar buttons are not enabled

You use the toolbar buttons across the top of the All Hosts view to perform individual tasks against one or more managed host systems. If the toolbar buttons are not active, it might be due to

  • Host state
  • User account role and permissions
  • View settings
Host State

If you select multiple hosts, they all must be in the same state (added, profiled, or joined) to perform the desired task. If they are not all in the same state, the toolbar button for that task will be disabled.

For example, if you select all hosts, but one or more of them are not profiled, the Install Software toolbar button will not be available for the whole group. If you deselect the hosts that are not profiled, the Install Software toolbar button becomes active. Also, if one of the selected hosts is currently being profiled by auto-profile, the web services, or by another console user, the Profile button will be disabled. You can either wait for the profile task to complete, or deselect the host to activate the Profile button.

User Account Role and Permissions

Another reason for a disabled toolbar button might be your user account role. You may only have read-only access to the view and are not allowed to perform the desired task. For example, if your user account is not in the Manage Hosts role, then you cannot make changes to hosts.

View Settings

Other tasks, such as Clear column filters have nothing to do with host state or user roles. That toolbar button is only enabled if you have column filters set. If there are no column filters set, then the option to Clear column filters is disabled. When one or more filters are set, then the option is enabled.

UID or GID conflicts

Management Console for Unix does not automatically pick up changes to the host made externally to the console unless you configure the host for auto-profiling.

For example, when you install Privilege Manager software on a remote host, it creates a new user and group named pmclient, assigning a UID and GID accordingly. If you do not profile the host after installing the Privilege Manager packages, the mangement console will not recognize the new user name and group name. If you attempt to configure that host for auto-profiling or automatic QAS status updates without profiling, you might encounter a UID conflict, such as this:

Or, if you attempt to add a new local group to that host without profiling, you might encounter a GID error like this:

If you encounter a UID or GID conflict, profile the host and try the action again before you troubleshoot the problem further.

NoteS:

  • As a best practice, configure newly added hosts for auto-profiling before you perform any other actions so that the mangement console dynamically updates user and group information. See Automatically profiling hosts for details.
  • If Authentication Services is installed you may also get these errors because of UID/GID conflicts with Active Directory accounts. In this case, because the mangement console does not check for Active Directory conflicts, you will have to manually create the user with a different ID.

System maintenance

It is important to safeguard your data. One Identity recommends that you maintain copies of the most important files so you're always prepared for the worst.

This appendix provides general information and guidelines for maintaining or backing up your data.

Documents connexes