To help you troubleshoot, One Identity recommends the following resolutions to some of the common problems you might encounter as you deploy and use Privilege Manager for Unix.
To view debug information for profile-based policy, set the value for the pf_tracelevel variable either globally in global_profile.conf, or in an individual profile.
To set the pf_tracelevel variable in the profile
# Variable: pf_tracelevel: Enables tracing/debugging output at different levels:
# 1:show reason for reject, 2: verbose output, 3: show debug trace
pf_tracelevel=2;
$ pmrun id
********************************************************************
** One Identity Privilege Manager for Unix Version 6.0.0 (006) **
** This request is being authorized on master :<HostName>
** User "luser" has submitted a request from host "<HostName>"
** to run the command "id"
********************************************************************
User : luser
Host : <HostName>
Command : id
* Check profile:profiles/admin.profile
** Profile:admin does not match user
** Profile:admin does not match UNIX group
** Profile:admin does not match AD group list
* Check profile:profiles/demo.profile
** Validate command:id
** Profile:demo cmd[0] matches command:id
Request accepted by the "demo" profile
All interactions with this command will be recorded in the file:
/var/opt/quest/qpm4u/iolog/demo/luser/id_20121023_1038_qu3zcf
Executing "id" as user "root" ...
********************************************************************************
uid=0(root) gid=0(root) groups=0(root)
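When reviewing why a request was authorized, the level 2 trace output above can be reduced to a record of which profiles were evaluated, why each was skipped, which profile accepted the request, and where the I/O log was written. The following is an added example, not One Identity code: the function name parse_pf_trace and the result layout are assumptions, and the line layout it expects is the one shown in the output above.

```python
import re

# Constructed sample: the pf_tracelevel=2 output from this page (banner trimmed).
SAMPLE = '''\
** to run the command "id"
User : luser
Host : <HostName>
Command : id
* Check profile:profiles/admin.profile
** Profile:admin does not match user
** Profile:admin does not match UNIX group
** Profile:admin does not match AD group list
* Check profile:profiles/demo.profile
** Validate command:id
** Profile:demo cmd[0] matches command:id
Request accepted by the "demo" profile
All interactions with this command will be recorded in the file:
/var/opt/quest/qpm4u/iolog/demo/luser/id_20121023_1038_qu3zcf
Executing "id" as user "root" ...
'''

FIELD = re.compile(r'^(User|Host|Command)\s*:\s*(.*)$')
CHECK = re.compile(r'^\* Check profile:(\S+)')
DETAIL = re.compile(r'^\*\* (.+)')  # also matches banner lines; ignored before a Check
ACCEPT = re.compile(r'^Request accepted by the "([^"]+)" profile')
EXEC = re.compile(r'^Executing "(.*)" as user "([^"]+)"')

def parse_pf_trace(text):
    """Return request fields, per-profile trace notes and the outcome."""
    result = {"request": {}, "profiles": [], "accepted_by": None,
              "iolog": None, "runas": None}
    current, want_iolog = None, False  # profile being checked; path expected next
    for line in map(str.strip, text.splitlines()):
        if want_iolog:
            result["iolog"], want_iolog = line, False
        elif m := FIELD.match(line):
            result["request"][m.group(1).lower()] = m.group(2)
        elif m := CHECK.match(line):
            current = {"file": m.group(1), "notes": []}
            result["profiles"].append(current)
        elif (m := DETAIL.match(line)) and current is not None:
            current["notes"].append(m.group(1))
        elif m := ACCEPT.match(line):
            result["accepted_by"] = m.group(1)
        elif line.endswith("recorded in the file:"):
            want_iolog = True
        elif m := EXEC.match(line):
            result["runas"] = m.group(2)
    return result
```

Calling parse_pf_trace(SAMPLE) returns the request fields, the two evaluated profiles with their notes, the accepting profile, the I/O log path and the run-as user, which can be stored alongside the I/O log for later review.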
Technical Support may ask you to create a trace file when you run a program by using the -z option. The -z option enables tracing on a specific program or currently running process.
To display program-level tracing
# <CommandName> -z on
The -z option creates a <CommandName>.ini file which then creates a <CommandName>.trc file when you run the command. The .trc file contains the debug information. Both the .ini and the .trc files are created in the /tmp directory.
pmloadcheck is both a command and a background daemon (run with the -i flag). When run as a command, it checks, updates, and reports on the status of the policy server. You can use pmloadcheck from a policy server or PM Agent.
When run as a daemon process, it keeps track of the status of the policy servers for failover and load-balancing purposes. On policy servers, pmloadcheck is responsible for keeping the production policy file up to date.