
One Identity Management Console for Unix 2.5.2 - Administration Guide


Installing and uninstalling the console on Unix and Linux

Use this procedure to install the management console on the designated Unix computer from the command line with the installation script.

To install the management console on a Unix platform

  1. Log in and open a root shell.
  2. Mount the installation media and navigate to console | server.
  3. Run the following command from the Unix command line as root:
    # sh ManagementConsoleForUnix_unix_2_5_2.sh

    You can use one of the following options:

    • -q option for "quiet" mode, which automatically accepts all the default settings.
    • -c option for "console" mode, which prompts you for information interactively.

    Note: Using no option starts the installer in a graphical user interface if you have an X server, making the installation experience similar to running it from the Windows autorun. See Installing and uninstalling the console on Windows for details.

    In "console" mode, the installer asks you for the following information:

  4. Enter 1 to accept the user agreement.
  5. Enter the SSL Port number, or press Enter to accept the default of 9443.
  6. Enter the Non-SSL Port number or press Enter to accept the default of 9080.

    The install wizard extracts and copies the files, configures and starts the service, and so forth.

    Note: On Unix, the install location is /opt/quest/mcu and you cannot specify an alternate path.

    To continue the installation and configuration process, go to Setting up Management Console for Unix.

To uninstall Management Console for Unix from Unix

Note: The default for the uninstaller is to remove everything. If you plan to re-install Management Console for Unix and want to preserve your data, back up your application database before you uninstall. The application database contains information about the hosts, settings, users, groups, passwords, and so forth.

By default, the database directory is at: /var/opt/quest/mcu.

  1. Run the following command as root:
    • To uninstall version 1.0, run:

      /opt/quest/imu/uninstall

    • To uninstall version 2.x, run:

      /opt/quest/mcu/uninstall

    You can use one of the following options with the uninstall command:

    • -q option for "quiet" mode, which automatically accepts all the default settings, including removing the application database and logs.
    • -c option for "console" mode, which prompts you for information interactively.

    Note: Using no option starts the uninstaller in a graphical user interface.

  2. If in "console" mode, confirm whether you want to remove the application database and application logs or not.

    This option is useful if you plan to re-install Management Console for Unix and want to preserve your data. The default for the uninstaller is to remove everything.

The wizard uninstalls Management Console for Unix.
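
The backup-then-uninstall sequence described above can be scripted as follows. This is an added example, not part of the original guide or the product: the function names and the backup destination are assumptions, while the database directory, uninstaller path and -q option are the ones stated above.

```shell
#!/bin/sh
# Added example: preserve the application database, then uninstall.
# Paths are the defaults stated in the guide; the function names and the
# backup destination are assumptions made for this illustration.
MCU_DB_DIR="${MCU_DB_DIR:-/var/opt/quest/mcu}"
MCU_UNINSTALL="${MCU_UNINSTALL:-/opt/quest/mcu/uninstall}"

# backup_mcu_db SRC_DIR DEST_DIR -> prints the archive path on success.
# The database holds host, user and password data, so the archive and its
# directory are created owner-only (umask 077).
backup_mcu_db() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "database directory not found: $src" >&2; return 1; }
    (
        umask 077
        mkdir -p "$dest" || exit 1
        archive="$dest/mcu-db-$(date +%Y%m%d%H%M%S).tar.gz"
        tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
        # Refuse to report success unless the archive can be read back.
        tar -tzf "$archive" | grep -q . || exit 1
        echo "$archive"
    )
}

# safe_uninstall DEST_DIR -> runs the uninstaller in quiet mode only after a
# verified backup, because -q also removes the database and logs.
safe_uninstall() {
    archive=$(backup_mcu_db "$MCU_DB_DIR" "$1") || {
        echo "backup failed; uninstall not started" >&2
        return 1
    }
    echo "database saved to $archive" >&2
    "$MCU_UNINSTALL" -q
}

# Usage (as root, with the console service stopped so the copy is consistent):
#   safe_uninstall /root/mcu-backup
```

Keep the resulting archive on storage that only administrators can read, since it carries the same data as the live database.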

Launching the Management Console

Use one of the following methods to launch the management console:

  1. If you selected the Create desktop shortcut option on the Complete dialog, select the Management Console for Unix shortcut from your Windows desktop.
  2. If you selected the Create Start menu item option on the Complete dialog, from your Windows desktop, navigate to Start | Programs | Quest Software | Management Console for Unix | Management Console for Unix.
  3. You can also open your web browser and enter the URL of the web application server by entering:
    https://<Hostname or IP address>:<port>

    For example, entering https://localhost:9443 launches the management console that was installed locally using the default port of 9443.

    Note: Management Console for Unix requires that all connections to the browser are secured with the SSL/TLS protocol. Therefore, you must use the https URL. If you accidentally enter the http URL, you may encounter unexpected behavior (for example, on Firefox, you are asked to save a file to disk). See Installing a production certificate for details.

To launch the management console from Unix or Linux

  1. Open your web browser and enter the URL of the web application server:
    https://<Hostname or IP address>:<port>

    For example, entering https://localhost:9443 launches the management console that was installed locally using the default port of 9443.

Note: If you are using Management Console for Unix with Authentication Services 4.x, you can also launch the management console from within the Control Center.

  1. Select Management Console from the left-hand navigation pane of the Home page.

Setting up Management Console for Unix

The first time you launch the management console, the Setup One Identity Management Console for Unix wizard leads you through some post-installation configuration steps.

Choose one of these options:

  • Skip the Active Directory configuration, I'll do that later from the console

    This option allows you to use the core features of the console and limits access to the console to the default supervisor account only. See What are the core features of the console for details.

  • Walk me through the configuration steps for using AD user accounts for logon to the console

    When you configure the console for Active Directory, you unlock additional Active Directory features.

    Note: To use the management console with Authentication Services, or to use roles to allow access to the console using Active Directory, you must configure the console for Active Directory log on.

Choose an option and click Next.

Note: If you choose the "Skip" option, the Identify Console dialog displays. See Identify console.

If you choose the "Walk" option, it allows you to configure the console for Active Directory log on. See Configure console for Active Directory logon.

Note: If you cannot configure the console for Active Directory during your initial installation of Management Console for Unix, choose the "Skip" option. After the installation, log into the console as supervisor and configure the console for Active Directory from System Settings. See Active Directory configuration for details.

Configure console for Active Directory logon

The Setup Management Console for Unix wizard opens the Configure Console for Active Directory Logon dialog when you choose the Walk me through the configuration steps for using AD user accounts for logon to the console option.

To configure the management console for Active Directory logon

  1. On the Configure Console for Active Directory Logon dialog, enter a valid Active Directory domain in the forest, in the form example.com.

  2. Enter the credentials for an Active Directory account that has log-on rights.

    Enter a sAMAccountName, which uses the default domain, or a User Principal Name, as in username@domain. The wizard uses these credentials to configure the management console for use with Active Directory.

    Note: This is a read-only operation; no changes are made to Active Directory.

  3. Click Connect to Active Directory.

  4. When you see the message that indicates the console connected to Active Directory successfully, click Next.

    The Set up console access by role dialog opens.
