Now that you have Unix-enabled an Active Directory user, you can log into a local Unix host using your Active Directory user name and password.
To test the Active Directory login
- From the Control Center, under Login to remote host:
Click Login to log onto the Unix host with your Active Directory user account.
- Enter the password for the Active Directory user account.
- At the command line prompt, enter id to view the Unix account information.
- After a successful login, verify that the user obtained a Kerberos ticket by entering:
  /opt/quest/bin/vastool klist
  The vastool klist command lists the Kerberos tickets stored in a user's credentials cache. This proves the local user is using the Active Directory user credentials.
- Enter exit to close the command shell.
You just learned how to manage Active Directory users and groups from the management console by Unix-enabling an Active Directory group and user account. You tested this out by logging into the Unix host with your Active Directory user name and password. Optionally, you can expand on this tutorial by creating and Unix-enabling additional Active Directory users and groups and by testing different Active Directory settings such as account disabled and password expired.
Management Console for Unix allows you to install the Privilege Manager Policy Server as well as the Privilege Manager Agent and the Sudo Plugin software on remote hosts; it also allows you to join hosts to a policy group activated in the Privilege Manager System Settings. See Configuring a service account for details.
The policy management and keystroke logging features are available when the management console is configured in System Settings for one or more policy groups.
Note: To use the policy editor, you must log in either as the supervisor or an Active Directory account with rights to manage policy; that is, an account in the Manage Sudo Policy or Manage PM Policy roles.
To replay keystroke logs, you must log in either as the supervisor or an Active Directory account with rights to audit policy; that is, an account in the Audit Sudo Policy or Audit PM Policy console roles.
After you install Management Console for Unix, you are ready to enable the Privilege Manager features.
To enable the management console's Privilege Manager features
- Set up a user in the Manage Sudo Policy or Manage PM Policy role to edit the policy and a user in the Audit Sudo Policy or Audit PM Policy role to replay keystroke logs. See Adding (or Removing) role members for details.
  Note: The default supervisor account is a member of all roles and therefore has the permissions to both edit policy and replay keystroke logs.
- Download the Privilege Manager for Unix software packages to the server.
- Set the Privilege Manager software location in System Settings.
  See Setting the Privilege Manager software path.
- Configure the Primary Policy server:
  - Add and profile a host intended to be the primary policy server.
  - Check the server for configuration readiness. See Checking policy server readiness.
  - Install the Privilege Manager Policy Server package. See Installing the Privilege Manager packages.
  - Configure the primary policy server. See Configuring the primary policy server.
  - Join the PM Agent or Sudo Plugin to the policy group. See Joining the host to a policy group.
- Configure a Secondary Policy server:
  - Add and profile a host intended to be a secondary policy server used for load balancing.
  - Check the server for configuration readiness. See Checking policy server readiness.
  - Install the Privilege Manager Policy Server package. See Installing the Privilege Manager packages.
  - Configure the secondary policy server. See Configuring a secondary policy server.
  - Join the PM Agent or Sudo Plugin to the policy group. See Joining the host to a policy group.
- Install the PM Agent or Sudo Plugin software on a remote host:
  - Add and profile a remote host where you plan to install the PM Agent or Sudo Plugin software.
  - Configure a console service account on the primary policy server and activate the policy groups you want to use. See Configuring a service account for details.
  - Check the remote host for policy readiness. See Checking client for policy readiness.
  - Install the Privilege Manager software on the remote host. See Installing Privilege Manager agent or plugin software.
  - Join the PM Agent or Sudo Plugin to the policy group. See Joining the host to a policy group.