The Log Receiver Service uses .sdf files to store logs received from Defender Security Servers. For each Defender Security Server, the Log Receiver Service creates a separate .sdf file.
These .sdf files are called the Log Receiver Service database and contain data used by the Defender Management Portal to display authentication log-related data, including the authentication statistics provided on the Dashboard tab of the portal.
On the Defender Management Portal computer, you can find these .sdf files in the following folder:
%ProgramFiles%\One Identity\Defender\Management Portal\WWW\App_Data
The name of each .sdf file has the following format: <DSS name>.<domain>.sdf
where
- <DSS name> is the name of the corresponding Defender Security Server.
- <domain> is the name of the Active Directory domain where the corresponding Defender Security Server resides.
The Defender Pluggable Authentication Module (PAM) is a UNIX/Linux module that authenticates the users of PAM-enabled services (such as ftp, sshd, and su) via Defender. To authenticate users, the Defender PAM module uses the RADIUS protocol and the Defender Security Servers deployed in your environment.
To install the Defender PAM on your UNIX or Linux system, use the appropriate platform-specific files such as .rpm, .pkg, .deb, .depot, or .bff supplied with Defender. In the Defender distribution package, you can find these files in the Setup\Unix PAM folder.
For example, on a Linux x86_64 system, use the Linux RPM program to install the pamdefender-<version>.x86_64.rpm package. In addition to installing the Defender PAM, the package installs PAM Defender configuration scripts into the /opt/quest/libexec/defender directory.
Because all Defender token information is associated with user objects in Active Directory, an Active Directory user must be given a UNIX identity on the local system before the Defender PAM can validate any security tokens for the user. You can create a UNIX identity for an Active Directory user manually or by using a Name Service Switch (NSS) module that provides UNIX identity information directly from Active Directory.
To manually create a UNIX identity for an Active Directory user, modify the /etc/passwd file so there exists a user who has a local user name that exactly matches the value stored in the user ID attribute of your Active Directory user. The user ID attribute is configurable when you create an Access Node. Usually, it is samAccountName, defender ID, or userPrincipalName.
Alternatively, you can use the Defender PAM in conjunction with the NSS module supplied with the product. With this method, Authentication Services provide UNIX identity information to any UNIX-enabled Active Directory user. To use Authentication Services for getting UNIX identity information for Active Directory users, use the vastool join command to join your UNIX/Linux computer to the Active Directory domain. For more information, see the vastool man page.
After installing the PAM Defender package on your UNIX or Linux system, you need to complete the following steps to enable Defender authentication for the users of PAM-enabled services:
You can considerably simplify these steps by using Authentication Services and Group Policy. To find out more about Authentication Services, please visit https://www.oneidentity.com/products/authentication-services/.
