サポートと今すぐチャット

オンラインヘルプの参照
登録の完了

サインイン

価格設定をリクエスト

営業担当に連絡

One Identity Management Console for Unix 2.5.3 - Administration Guide

コンテンツのナビゲーション

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix

What's new in Management Console for Unix 2.5 What are the core features of the console How Management Console for Unix works

Installing Management Console for Unix

System requirements

Network port requirements

Before installing the Management Console Installing the Management Console

Installing and uninstalling the console on Windows Installing the console from the Windows command line Installing and uninstalling the console on Unix and Linux

Launching the Management Console Setting up Management Console for Unix

Configure console for Active Directory logon Set up console access by role Identify console Set Supervisor Password dialog Summary dialog

Management Console for Unix Log On page Getting Started Tab Upgrade Quest Identity Manager for Unix

Reset custom configuration settings

Upgrade Management Console for Unix

Preparing Unix hosts

Adding hosts to the Management Console Renaming hosts Profiling hosts

Automatically profiling hosts Viewing the auto-profile status Viewing the auto-profile heartbeat errors

Checking readiness

Working with host systems

Install software on hosts Using the console search options

Performing a basic search Using the advanced search options Saving search criteria Removing saved searches

Filtering All Hosts view content Reviewing host properties Removing hosts from Management Console Importing SSH host key

Managing local groups

Adding a local group Searching for groups Modifying a local group's properties Adding users to a local group Removing user from local group Deleting local group Reviewing the Local Unix Groups report

Managing local users

Adding a local user Searching for users Modifying user properties Modifying multiple user's properties Resetting local user's password System Users

Manually marking system users Marking multiple system users

Deleting a local user Reviewing the Local Unix Users report

Active Directory integration

Enabling Active Directory features Adding an Active Directory group account Adding an Active Directory user account Searching for Active Directory objects Viewing or modifying Active Directory user properties Viewing or modifying Active Directory group properties

Authentication Services integration

Installing Authentication Services Configure Active Directory for Authentication Services

Configuring Active Directory for Authentication Services About Active Directory configuration

Displaying Authentication Services agent information Setting Authentication Services software path Checking host for AD readiness

Review the Authentication Services Readiness report

Installing Authentication Services software packages

Upgrading Authentication Services

Joining host to Active Directory

Optional Join commands Unjoining host from Active Directory

Configuring host access control Check QAS Agent Status

Manually checking QAS agent status Automatically checking QAS agent status Viewing the QAS status errors Viewing the QAS status heartbeat errors

Adding AD user to a local group Mapping local users to Active Directory users

Enabling local user for AD authentication Listing local users required to use AD authentication

Testing the mapped user login Configuring the console to recognize Unix attributes in AD Unix-enable an Active Directory group

Reviewing the Unix-enabled AD Groups report

Unix-Enable an Active Directory User

Reviewing the Unix-enabled AD Users report

Testing the Active Directory user login

Privilege Manager integration

Getting started Configure a primary policy server

Checking policy server readiness Installing the Privilege Manager packages Configuring the primary policy server Joining the host to a policy group

Unjoining host from policy group

Configure a secondary policy server

Configuring a secondary policy server

Install PM agent or Sudo plugin on a remote host

Checking client for policy readiness Installing Privilege Manager agent or plugin software

Security policy management

Opening a policy file

Rolling back the policy file

Edit panel commands Editing PM policy files

Default roles (or profiles) Modifying Privilege Manager role properties

Overriding role property defaults Role property variables

Adding a Privilege Manager role Add a Privilege Manager restricted shell role Adding Privilege Manager role based on an existing role Saving policy files Deleting Privilege Manager role Changing policy version Reviewing policy changes Managing role defaults Modifying PM policy files with the text editor

Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report

Event logs and keystroke logging

Enabing keystroke logging Recording keystrokes Listing events and replaying keystroke logs

Replay log controls

Running reports Reports

Host reports User reports Group reports Access & Privileges reports Product Licenses Usage reports

Setting preferences

User preferences

General user preferences

Setting the default domain

Host Credentials settings

Modifying saved host credentials Removing saved host credentials

System preferences

General system settings

Duplicate SSH Host Keys Setting session timeout Automatically marking host system users Console Information settings

Publishing console to Active Directory

Changing supervisor account password Setting custom privilege elevation commands

Console Roles and Permissions system settings

Adding (or Removing) role members Reviewing the Console Access and Privileges report

Active Directory system settings

Active Directory configuration

Configuring advanced settings Setting the default logon domain

Privilege Manager system settings

Configuring a service account Unconfiguring a service account Activating policy groups Deactivating policy groups Software & Licenses settings

Setting the Privilege Manager software path Checking for Privilege Manager licenses Privilege Manager license alerts

Authentication Services system settings

Setting the Authentication Services software path Authentication Services license alerts Checking for Authentication Services licenses Importing Authentication Services licenses Configuring Windows 2003 R2 schema

Management Console for Unix server and console

Authenticating the supervisor user Authenticating Active Directory users using Windows Integrated Authentication Authenticating Active Directory users using a username and password Installing a production certificate

Generating a custom SSL/TLS certificate and key pair for Management Console for Unix Importing certificate to trusted domains on Windows Importing certificate to trusted domains on Unix or Linux Disabling SSL/TLS encryption

Customizing HTTP and SSL/TLS ports Changing allowed ciphers

Active Directory Managed Unix Hosts

Managing SSH host keys Known_hosts file format Handling changes to SSH host keys Detecting multiple hosts with the same key Caching Unix host credentials

Security of credential caching

Database Security Summary of Security Recommendations

Troubleshooting tips

Auto profiling issues

Auto profiling takes a long time Auto profiling returns an error

Active Directory Issues

Active Directory connectivity issues Unable to configure Active Directory Active Directory is disabled Active Directory tasks are disabled

Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues

Join to policy group failed Join to policy group option is not available Preflight fails because the policy server port is unavailable Policy Change report reports newlines

Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings

Customize auto-task settings Enable debug logging

Single Sign-on (SSO) issues

Configure a Firefox web browser for SSO Configure an IE web browser for SSO Disable Single Sign-on (SPNEGO/HTTP negotiation) Disable SSPI for Single Sign-on Enable SSO for remote browser clients

JVM memory tuning suggestions Start/stop/restart Management Console for Unix service

Linux or Solaris machines HP Unix (HPUX) machine Windows machine

Toolbar buttons are not enabled UID or GID conflicts

System maintenance

Backup procedure Restore procedure

Command line utilities

MCU PowerShell cmdlets and Unix CLI commands MCU PowerShell cmdlets

Installing MCU PowerShell cmdlets Viewing MCU PowerShell cmdlet help information

Unix CLI commands

Installing Unix CLI packages Uninstalling Unix CLI packages Upgrading the Unix CLI packages

Mac CLI Commands

Installing Mac CLI Packages Installing Mac CLI packages using the GUI

Examples of Using Command Line Utilities

Connect to the console Add host to the console Create local group across all managed hosts Add a local user to a group on each managed host Add localuser to a group on all Linux machines Get a user on a specific computer Find a UID on a computer Remove all credentials stored in the console for a specific host Set a local user's password View a group’s membership

Accessing the web services Web services Web services examples

Database maintenance

Database location and files Database backup procedure Database states

Importing certificate to trusted domains on Windows

To import certificates to trusted domains on Windows platforms

Copy the certificate to the Windows computer on which the mangement console is running.
Double-click the certificate to open the certificate details.
On the General tab, click the Install Certificate and click Next.
The certificate import wizard starts.
Select Place all certificates in the following store and click Browse.
Select Trusted Root Certification Authorities and click OK.
Click Next.
Click Finish.
Click OK when a message says the import was successful.

Note: You can also import certificates into a trusted domain by means of your browser.

Importing certificate to trusted domains on Unix or Linux

To import certificates to trusted domains on Unix or Linux platforms

As root, run the following commands:

cp server.crt /etc/ssl/certs
cp server.key /etc/ssl/private

Disabling SSL/TLS encryption

SSL is enabled by default. A self-signed certificate is installed but you should replace it with a valid certificate for your organization. While not recommended, it is possible to disable SSL/TLS encryption entirely.

To disable SSL/TLS encryption

Add the following line to the custom.cfg file:
```
-Dssl.enabled=false
```
Note: All HTTPS traffic will be redirected to the HTTP port.
Update any browser bookmarks to specify the HTTP port number.

Customizing HTTP and SSL/TLS ports

To customize HTTP and SSL/TLS ports

Add the following lines to the custom.cfg file:
```
-Dmcu.port.https=<port>
-Dmcu.port.http=<port>
```
where <port> is any port number not already in use on the machine hosting the server and -Dmcu.port.https is for SSL ports and -Dmcu.port.http is for non-SSL port.
Note: The Command Line utilities and Web Services do not work unless you connect with the non-secure (http) port which allows the utility to discover the secure port.

For more information about the Command Line utilities and Web Services, refer to these links:
- Command line utilities
- Web services
See Setting custom configuration settings for general information about customizing configuration settings for the mangement console.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択

© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約プライバシー Cookie Preference Center