
One Identity Management Console for Unix 2.5.2 - Administration Guide


Host Access Control view

Click the Manage Access button to modify the Authentication Services login policy. (See Configuring host access control for details.)

Install software on hosts

Once you have successfully added and profiled one or more hosts, you can remotely deploy software products to them from the management console.

The Install Software dialog displays when you select the Install Software toolbar button.

From this dialog, select the software products you want to deploy and install on the selected hosts.

Note: If you do not see all of these software packages, verify that the path to the software packages is correctly set in System Settings. Refer to:

Available software components

You can install the following software products remotely from the management console:

  • Privilege Manager (3 items)
    • Sudo Plugin - Select to install a component that enables the host to use a centrally managed sudoers policy file located on the Privilege Manager primary server from the management console.

      Note: Before installing the Sudo Plugin, please see Configuring a service account.

    • Privilege Manager Agent - Select to install a component that enables the host to use a centrally managed pmpolicy policy file located on the primary policy server from the management console.

      Note: Before installing the Privilege Manager Agent, please see Configuring a service account.

    • Privilege Manager Policy Server - Select to install the Privilege Manager Policy Server, which provides central policy management, granular access control reporting, as well as the ability to enable, gather, store and play back keystroke logs.

      Note: Centralized policy management and keystroke logging are licensed separately.

    Note: When you install the Privilege Manager Policy Server, it installs all three Privilege Manager for Unix packages on that host. However, once you have installed the Sudo Plugin onto a remote host, the management console will not allow you to install the PM Agent on that host; and once you have installed the PM Agent onto a remote host, the management console will not allow you to install the Sudo Plugin on that host.

  • Authentication Services (5 items)
    • Authentication Services Agent (Required) - Select to allow Active Directory users access to the selected host. Authentication Services provides centralized user and authentication management. It uses Kerberos and LDAP to provide secure data transport and an authentication framework that works with Microsoft Active Directory. Components include: vasd, nss_vas, pam_vas, and vastool.
    • Authentication Services for Group Policy (Required) - Select to install the Group Policy component which provides Active Directory Group Policy support for Unix, Linux, and Mac platforms.
    • Authentication Services for NIS - Select to install the NIS Proxy component which provides the NIS compatibility features for Authentication Services. vasyp is a NIS daemon that acts as a ypserv replacement on each host.
    • Authentication Services for LDAP - Select to install the LDAP Proxy component which provides a way for applications that use LDAP bind to authenticate users to Active Directory without using secure LDAP (LDAPS). Instead of sending LDAP traffic directly to Active Directory domain controllers, you can configure applications to send plain text LDAP traffic to vasldapd by means of the loopback interface. vasldapd proxies these requests to Active Directory using Kerberos as the security mechanism.
    • Dynamic DNS Updater - Select to install the Dynamic DNS Updater component which provides a way to dynamically update host records in DNS and can be triggered by DHCP updates.
  • Defender (1 item)
    • Defender PAM Module - Select to install the Defender authentication components for PAM based Unix/Linux systems. Includes PAM module, documentation and utilities to appropriately configure the PAM subsystem for Active Directory/Defender OTP authentication.
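
A host-side check for the loopback-only design described for Authentication Services for LDAP, as an added example that is not part of the One Identity documentation: it parses `ss -H -ltnp` output and reports any `vasldapd` listener bound to a non-loopback address, where plain text LDAP binds would cross the network. The sample output is constructed, and the port numbers in it are assumptions; the page does not state which port `vasldapd` uses.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
# The ports shown for the proxy are assumptions; the page does not state them.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:389 0.0.0.0:* users:(("vasldapd",pid=1432,fd=7))
LISTEN 0 128 [::1]:389 [::]:* users:(("vasldapd",pid=1432,fd=8))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 10.0.4.17:389 0.0.0.0:* users:(("vasldapd",pid=1432,fd=9))
LISTEN 0 128 *:3389 *:* users:(("vasldapd",pid=1432,fd=10))
"""


def is_loopback(host):
    """True only for an explicit loopback address (127.0.0.0/8 or ::1)."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" is a wildcard bind, i.e. every interface


def exposed_listeners(ss_output, process="vasldapd"):
    """Return (address, port) pairs where `process` listens off the loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        # The process column looks like users:(("name",pid=N,fd=N),...)
        names = re.findall(r'\("([^"]+)"', " ".join(fields[5:]))
        if process not in names:
            continue
        host, _, port = fields[3].rpartition(":")
        if not is_loopback(host):
            findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"vasldapd accepts plain text LDAP on {host}:{port}")
```

On a real host, feed the function the output of `ss -H -ltnp` run as root so the process column is populated.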

For more information about installing software components:

Using the console search options

Management Console for Unix provides both basic and advanced search options to help you find and select hosts from the All Hosts view or user accounts from the All Local Users tab.

Performing a basic search

To search for hosts on the All Hosts view based on the values in any of the management console columns, use the Search for hosts box under the toolbar. To search for users on the All Local Users tab based on the values in any of the columns on that view, use the Search for users box.

To perform a basic search

  1. Place your cursor in the Search box and enter one or more characters. As you enter characters into the search field, the management console displays only the items that contain the search criteria. For example, if you enter the letter "a", the console displays all items that have the letter "a" in one of the columns.

    Note: You cannot use wildcards in basic search strings.

  2. Optionally, to sort within the displayed items, click a column title to arrange it into either ascending or descending order.
  3. To clear the search and display all items, click the to the right of the Search for hosts box.