지금 지원 담당자와 채팅
지원 담당자와 채팅

Safeguard Authentication Services 5.0.1 - Installation Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Installing and configuring Safeguard Authentication Services Installing and joining from the Unix command line Getting started with Safeguard Authentication Services
Getting acquainted with the Control Center Learning the basics
Troubleshooting Enterprise package deployment

Reports

The management console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following tables list the reports that are available in Management Console for Unix.

Note: Report availability depends on several factors:

  • User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. See Active Directory Configuration in the online help for details.
  • Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. See Console Roles and Permissions System Settings in the online help for details. For example, you must have an activated policy server to activate the sudo-related reports.

Host reports

The following reports provide Unix host information that is gathered during the profiling process.

Table 27: Host reports
Report Description
Safeguard Authentication Services Readiness

Provides a snapshot of the readiness of each host to join Active Directory. This report is best used for planning and monitoring migration projects. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage, and names of the hosts ready to join
  • Total number, percentage, and names of the hosts ready to join with advisories
  • Total number, percentage, and names of the hosts not ready to join
  • Total number of hosts not checked for AD readiness

Use the following report parameters to define details to include in the report.

  • Joined to AD
  • Ready to Join AD
  • Ready to Join AD with Warnings
  • Not Ready to Join AD
  • Not Checked for Readiness

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Privilege Manager Readiness

Provides a snapshot of the readiness of each host to join a policy group. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage, and names of the hosts ready to join
  • Total number, percentage, and names of the hosts not ready to join
  • Total number of hosts not checked for readiness

Use the following report parameters to define details to include in the report.

  • Joined to a policy group
  • Ready to join a policy group
  • Ready to join a policy group with warnings
  • Not ready to join a policy group
  • Not checked for readiness

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Sudo Policy role or the Audit Sudo Policy role.

Unix Computers in AD

Lists all Unix computers in Active Directory in the requested scope.

By default, this report is created using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Unix Host Profiles

Summarizes information gathered during the profiling process of each managed host. This report includes the following information:

  • Total number of hosts included in the report
  • Host Name, IP Address, OS, Hardware
  • Sudo version number

Use the following report parameters to define details to include for each host.

  • Safeguard Authentication Services Properties
  • Privilege Manager Properties
  • Local Users
  • Local Groups
  • Host SSH Keys
  • Installed One Identity Software

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

User reports

The following reports provide local and Active Directory user information.

Table 28: User reports
Report Description
AD User Conflicts

Returns all users with Unix User ID numbers (UID numbers) assigned to other Unix-enabled user accounts.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Local Unix User Conflicts

Identifies local user accounts that would conflict with a specified user name and UID on other hosts. You can use this report for planning user consolidation across your hosts. This report includes the following information:

  • Host Name, DNS Name, or IP Address where a conflict would occur
  • User Name, UID Number, Primary GID Number, Comment (GECOS), Home Directory, and Login Shell for each host where conflicts exist

Use the following report parameters to define the user name and UID number that would cause a conflict with existing local user accounts:

  • User Name is
  • UID Number is

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Local Unix Users

Lists all users on all hosts or lists the hosts where a specific user account exists in /etc/passwd. This report includes the following information:

  • Host Name, DNS Name, or IP Address where the user exists
  • User Name, UID Number, Primary GID Number, Comment (GECOS), Home Directory, and Login Shell for each host where the user exists

If you do not define a specific user, it includes all local users on each profiled host in the report.

To locate a specific user, use the following report parameters:

  • User Name contains
  • UID Number is
  • Primary GID Number is
  • Comment (GECOS) contains
  • Home Directory contains
  • Login Shell contains

NOTE: When you specify multiple report parameters, it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate the user account.

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Local Unix Users with AD Logon

Identifies the local user accounts that are required to use Active Directory credentials to log onto the Unix hosts. This report includes the following information for hosts that are joined to an Active Directory domain:

  • Host Name, DNS Name, or IP Address of hosts where users exist that are required to log on using their AD credentials
  • User Name, UID Number, Primary GID Number, and Comment (GECOS) of local user account
  • The SAM account Name of the Active Directory account that the local user account must use to log on

NOTE: This report only includes hosts joined to an Active Directory domain with a Safeguard Authentication Services 4.x agent.

NOTE: This report is only available when the host has Safeguard Authentication Services 4.x or later installed and is joined to Active Directory. You must be logged in with an Active Directory account in the Manage Hosts role.

Master /etc/passwd List

Provides a consolidated list of all user accounts from all hosts, excluding any local users marked as system users. This report includes the following information:

  • Username
  • Empty password
  • UID
  • GID
  • GECOS
  • Home directory path
  • Account's shell

You can consolidate the list of user accounts by matching values for accounts across multiple hosts. Accounts found with matching values are listed as a single local account. This list is best used for migrating local users to Active Directory.

Indicate how you want to match user accounts by selecting the value parameters that you want to match:

  • Username
  • UID
  • GID
  • GECOS
  • Home Directory
  • Shell

Optionally, you can include the host name for the accounts, as well:

  • Include the host name for accounts

This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

NOTE: If you select the Include the host name for accounts option, the management console adds a column to the Master_etc_passwdList .csv file to identify the host for each user account. One Identity provides the Host column information to help you resolve the entries in the file. However, before you import the .cvs file into the Unix Account Import Wizard, you must remove the Host column.

You can easily migrate local users to Active Directory by exporting the Master /etc/passwd List report, then importing it into the Unix Account Import Wizard, accessible from the Safeguard Authentication Services Control Center's Tools link. The Unix Account Import wizard is a versatile tool that helps migrate Unix account information to Active Directory. It is especially well-suited to small, one-shot import tasks such as importing all the local user accounts from a specific Unix host. The Unix Account Import Wizard can import Unix data as new user and group objects or use the data to Unix-enable existing users and groups.

Unix-Enabled AD Users

Lists all Active Directory users that have Unix user attributes.

NOTE:

  • A User object is considered to be 'Unix-enabled' if it has values for the UID Number, Primary GID Number, Home Directory, and Login Shell.
  • If Login Shell is /bin/false, the user is considered to be disabled for Unix or Linux logon.
  • Account Disabled indicates whether the Active Directory User account is enabled or disabled.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is only available if you have configured the management console to recognize Active Directory objects (see Configuring the Console to Recognize Unix Attributes in AD in the online help), and you are logged on as an Active Directory account in the Manage Hosts role.

Group reports

The following reports provide local and Active Directory group information.

Table 29: Group reports
Report Description
AD Group Conflicts

Lists all Active Directory groups with Unix Group ID (GID) numbers assigned to other Unix-enabled groups.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select the base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Local Unix Groups

Identifies the hosts where a specific group exists in /etc/group. This report includes the following information:

  • Host Name, DNS Name, or IP Address where the group exists
  • Group Name, GID Number, and members for each host where the group exists

If you do not specify a group, it includes all local groups on each profiled host in the report.

To locate a specific group, use the following report parameters:

  • Group Name contains
  • GID Number is
  • Member contains
  • Include all group members in report

NOTE: The Member contains field accepts multiple entries separated by a comma. Spaces are taken literally in the search. For example, entering:

  • adm, user searches for members whose name contains "adm" or "user"
  • adm,user searches for members whose name contains "adm" or "user"

NOTE: When you specify multiple report parameters (for example, Group Name contains, GID Number is, and Member contains), it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate a group.

In addition, it includes all of the group members in the report by default, but you can clear the Include all group members in report option.

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Unix-Enabled AD Groups

Lists all Active Directory groups that have Unix group attributes.

NOTE: A Group object is considered 'Unix-enabled' if it has a value for the GID Number.

By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is only available if you have configured the management console to recognize Active Directory objects (see Configuring the Console to Recognize Unix Attributes in AD in the online help), and you are logged on as an Active Directory account in the Manage Hosts role.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택