Chat now with support
Chat with Support

One Identity Management Console for Unix 2.5.3 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Privilege Manager feature issues

Management Console for Unix integrates with Privilege Manager, including the ability to centrally manage policy. The following topics may help you resolve some of the common problems you might encounter.

Join to policy group failed

When you join a remote Sudo Plugin host to a policy group you are required to enter a password in the Joined password box. The join password is the password for the pmpolicy user that was set when the qpm-server was configured. See Configuring the primary policy server for details.

If the join operation does not recognize the pmpolicy user password, you will receive an error message with the following snippet:

Enter password for pmpolicy@<host>:
       [FAIL]
       - Failed to copy file using ssh.

       - Error: Failed to add the host to the list of known hosts
       (/var/opt/quest/qpm4u/pmpolicy/.ssh/known_hosts).
       Permission denied, please try again.
       Permission denied, please try again.
       Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

       ** Failed to setup the required ssh access.
       ** The pmpolicy password is required to copy a file to the primary
       ** policy server.
       ** To complete this configuration, please rerun this command and
       ** provide the correct password.

Run the join operation again entering a correct password.

Join to policy group option is not available

If you run the Check Client for Policy Readiness with no errors and the console indicates that the host is "Ready to join" a policy group, yet the Join to Policy Group option is not available, this topic will help you troubleshoot the issue.

To join a host to a policy group, the host must meet all of the following conditions:

  • When using a sudo policy type, to join a policy group, the selected hosts must have Sudo 1.8.1 (or higher), the Sudo Plugin software installed, and be added and profiled to the mangement console.
  • When using pmpolicy type, the host must have the PM Agent software installed on it. See Installing Privilege Manager agent or plugin software.
  • A service account must be configured on the primary policy server. See Configuring a service account).
  • A policy group must be active. See Activating policy groups.
  • If you select multiple hosts to join, they must be of the same type (sudo or pmpolicy). However, when selecting multiple primary servers, the Join option will be disabled because each primary server belongs to a different policy group.

Once you meet these conditions, you can run the Join to Policy Group option from the Prepare panel of the All Hosts view. See Joining the host to a policy group for details.

Preflight fails because the policy server port is unavailable

If you have the qpm-server installed and you run Check Client for Policy Readiness from the mangement console and it tells you the policy server port is unavailable, check the port to see if another program is using that port.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating