One Identity Management Console for Unix 2.5.2 - Administration Guide


Host User Statistics pane

With Authentication Services 4.x installed and when you are logged on as an Active Directory account in the Manage Hosts role, the Host User Statistics pane displays in the upper right-hand corner of the All Local Users view and contains the following information:

Table 32: Host User Statistics pane
| Option | Description |
| --- | --- |
| Users requiring AD logon | Displays the number of users that must use their AD logon to access the Unix host. |
| Users not requiring AD logon | Displays the number of users that are not required to use an AD logon to access the Unix host. |
| System Users | Displays the number of users marked as system users. |
| Total Local Users | Displays the total number of users found on the managed hosts. |

Require AD Logon pane

With Authentication Services 4.x installed and when you are logged on as an Active Directory account in the Manage Hosts role, the Require AD Logon pane displays in the right panel of the All Local Users tab. From this pane, you can search Active Directory for all users in a specific domain or for a specific user, specify the users required to use Active Directory to log onto the host, and view the properties of an Active Directory user.

Table 33: Require AD Logon pane
Option Description

Enter search criteria in the search box to locate objects in Active Directory. After entering one or more characters, click the button to display the search results. The Active Directory objects whose names match (starts with) the characters you entered display if they are located in the container (or subordinate container) you specified in the Search In field.

NOTE: To search for all users in the default domain, leave the Search by name field empty and click

The management console uses the Ambiguous Name Resolution (ANR) search algorithm to find matching objects. (See Ambiguous Name Resolution for more information.)

To search in a different container, select the button to locate a container. By default, the management console searches the 'entire directory' of the forest configured for Authentication Services.
Search results The results pane lists the Active Directory users found as a result of the search.

To require that a local Unix user use an Active Directory password to log onto the host, you must assign (or "map") the Unix user to an Active Directory user, as follows:

  1. From the search results list, select an Active Directory user.
  2. From the All Local Users user list, select one or more local Unix users.
  3. Click the Require AD Logon to Host button at the bottom of the Require AD Logon pane.

The Active Directory user assigned to the selected local Unix user displays in the AD User column of the All Local Users tab.

Select an Active Directory user from the search results list and click Properties at the bottom of the Require AD Logon pane to display the user's properties. You can Unix-enable that Active Directory user from its properties.
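
The "starts with" matching of an ANR search, described above, can be reproduced offline to see how broadly a short search string matches. This is an added example, not code from the product: the attribute list is an assumed subset of the Active Directory ANR attribute set, the filter is an illustration rather than the query the console sends, and the directory entries are constructed sample data.

```python
# Added example: offline emulation of an ANR name search (not vendor code).
ANR_ATTRS = ("displayName", "givenName", "sn", "sAMAccountName", "name")  # assumed subset

def escape_filter_value(value):
    """Escape RFC 4515 special characters so typed text stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def anr_filter(term):
    """Build a user-search filter; an empty term drops the anr clause (all users)."""
    base = "(objectCategory=person)(objectClass=user)"
    term = term.strip()
    if not term:
        return "(&%s)" % base
    return "(&%s(anr=%s))" % (base, escape_filter_value(term))

def anr_match(entry, term):
    """Approximate the server side: prefix match on each ANR attribute, plus
    the givenName/sn pairing (either order) when the term contains a space."""
    t = term.strip().lower()
    if not t:
        return True
    def starts(attr, prefix):
        return str(entry.get(attr, "")).lower().startswith(prefix)
    if any(starts(a, t) for a in ANR_ATTRS):
        return True
    if " " in t:
        first, last = t.split(" ", 1)
        return ((starts("givenName", first) and starts("sn", last)) or
                (starts("givenName", last) and starts("sn", first)))
    return False

# Constructed sample directory entries (hypothetical accounts).
SAMPLE = [
    {"sAMAccountName": "jsmith", "givenName": "John", "sn": "Smith",
     "displayName": "John Smith", "name": "John Smith"},
    {"sAMAccountName": "jsmythe", "givenName": "Jane", "sn": "Smythe",
     "displayName": "Jane Smythe", "name": "Jane Smythe"},
    {"sAMAccountName": "svc_backup", "givenName": "", "sn": "",
     "displayName": "Backup Service", "name": "svc_backup"},
]

def search(term):
    """Return the logon names of the sample entries that the term matches."""
    return [e["sAMAccountName"] for e in SAMPLE if anr_match(e, term)]

if __name__ == "__main__":
    for term in ("js", "sm", "smith john", "back", ""):
        print(repr(term), "->", search(term))
```

Because a two-character prefix already returns several accounts, open Properties on the selected Active Directory user and confirm it is the intended account before clicking Require AD Logon to Host.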

Modifying user properties

Modify a local Unix user's properties from either the Users view of a host's properties or the All Local Users tab.

To modify a user's properties

  1. Right-click the user name and choose Properties.

    You can also double-click the user name to open its properties.

  2. On the General tab, modify the user information.
  3. On the Member Of tab, add or remove local groups.
  4. On the AD Logon tab, specify if this user is required to use an Active Directory password to log on to the host. This allows you to "map" a local user to an Active Directory account.

    Note: This feature is only available when you are logged in as an Active Directory user for a host that is joined to Active Directory.

  5. Click OK to save the changes.
  6. On the Log on to Host dialog, enter the user credentials and click OK.

    Note: This task requires elevated credentials.

Local User Properties

The user's properties display when you double-click a user name or right-click a user name and choose Properties from a host's properties or from the All Local Users tab.

The user properties have these tabs:

  • General
  • Member Of
  • AD Login