Service account login fails
There could be several reasons why you might receive an error message saying you could not log in with the user service account:
- Account does not exist
- Account has been disabled
- Account has invalid gid or login shell
- SSH server is not running
- SSH keys are not configured properly
- SSH server is not configured to allow login by means of SSH key
- SELinux may be disallowing access to SSH server files needed for SSH key authentication
To troubleshoot your login failure:
- Check your SSH server configuration to verify that public key authentication is enabled. (Refer to your SSH server configuration instructions for details.)
- Test SSH key authentication with another user.
- Reconfigure or disable SELinux.
Note: Configuring a service account on a host with Security-Enhanced Linux (SELinux) enabled might fail due to the enhanced security-related restrictions on the system. Contact Technical Support at https://support.oneidentity.com/ for instructions on how to either reconfigure or disable SELinux.
Setting custom configuration settings
When you start the Management Console for Unix service, it reads Java Virtual Machine (JVM) system properties from a configuration file.
You can set custom configuration settings by adding system properties, one per line, to the custom.cfg file, in the form:
-Dproperty=value
The custom.cfg file is in the application data directory:
Here are some general tips for adding system properties to the custom.cfg file:
- Each system property declaration must be on its own line:
-Xms512m
-Xmx512m
- Do not enter multiple entries on a single line like this:
-Xms512m -Xmx512m
- A line preceded by a # character specifies a commented line and will be ignored.
- The system property declarations are case sensitive. Be sure to enter lines in the custom.cfg file carefully.
- Restart the console service to enable the system property declarations.
The following topics give you details about setting custom system properties:
Customize auto-task settings
Management Console for Unix uses a heartbeat to verify that:
- the host system is still properly configured to send updates
- the current QAS status is accurate
You can customize the heartbeat interval for the automatic QAS Status update. However, if you change the heartbeat interval you must reconfigure automatic QAS agent status for all hosts previously configured.
To customize the heartbeat interval
- Locate the custom.cfg file.
See Setting custom configuration settings for more information about customizing configuration settings for the management console.
- Add the following property:
-Dmcu.QasStatusHeartbeatsPerDay=n
where n is the number of times per day the heartbeat is sent. (The default is 6 times a day.)
Valid values are: 1, 2, 3, 4, 6, 8, 12, and 24 times a day.
The actual time of day that heartbeats are sent varies from host to host.
- Save the custom.cfg file.
- Restart the Management Console for Unix service.
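As an added example (not part of the product or its documentation), the following Python script checks custom.cfg content against the tips above and the valid heartbeat values before you restart the service. The function name, messages, and sample file content are constructed for illustration; treating blank lines as harmless is an assumption.

```python
import re

# Property name and valid rates as given in the heartbeat procedure above.
HEARTBEAT_PROP = "mcu.QasStatusHeartbeatsPerDay"
VALID_HEARTBEATS = {"1", "2", "3", "4", "6", "8", "12", "24"}

# Constructed sample custom.cfg content (not taken from a real installation).
SAMPLE = """\
# constructed sample custom.cfg
-Xms512m
-Xmx512m
-Xms512m -Xmx512m
-Dmcu.QasStatusHeartbeatsPerDay=5
-Dmcu.qasstatusheartbeatsperday=6
-Dmcu.QasStatusHeartbeatsPerDay=12
"""

def lint_custom_cfg(text):
    """Return a list of (line_number, message) findings for custom.cfg content."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # '#' lines are comments; blank lines assumed harmless
        if not line.startswith("-"):
            findings.append((lineno, "declaration does not start with '-'"))
            continue
        tokens = line.split()
        if len(tokens) > 1 and all(t.startswith("-") for t in tokens[1:]):
            findings.append((lineno, "multiple declarations on one line"))
            continue
        m = re.match(r"-D([^=]+)=(.*)$", line)
        if not m:
            continue  # other JVM options such as -Xms512m are not checked further
        name, value = m.group(1), m.group(2)
        if name.lower() == HEARTBEAT_PROP.lower():
            if name != HEARTBEAT_PROP:
                # Declarations are case sensitive, so a miscased name is a different property.
                findings.append((lineno, "property name has wrong case"))
            elif value not in VALID_HEARTBEATS:
                findings.append((lineno, f"invalid heartbeat value {value!r}"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_custom_cfg(SAMPLE):
        print(f"line {lineno}: {message}")
```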
Enable debug logging
Technical Support may request that you enable and generate some debug logs for troubleshooting purposes.
To enable debug logging
- Stop the Management Console for Unix service.
See Start/stop/restart Management Console for Unix service for details.
- Open the custom.cfg file for editing.
See Setting custom configuration settings for general information about customizing configuration settings for the management console.
- Add these system properties to the custom.cfg file:
-Dlog4j.configuration=log4j-debug.xml
AND
-Djcsi.kerberos.debug=true
- Save the custom.cfg file.
- Start the Management Console for Unix service.
By default, the debug logs are saved in the application data directory at: