Chat now with support
Chat with Support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration
Getting started Configure a primary policy server Configure a secondary policy server Install PM agent or Sudo plugin on a remote host Security policy management
Opening a policy file Edit panel commands Editing PM policy files Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report
Event logs and keystroke logging
Reporting Setting preferences
User preferences System preferences
Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance About us

Join to policy group option is not available

If you run the Check Client for Policy Readiness with no errors and the console indicates that the host is "Ready to join" a policy group, yet the Join to Policy Group option is not available, this topic will help you troubleshoot the issue.

To join a host to a policy group, the host must meet all of the following conditions:

  • When using a sudo policy type, to join a policy group, the selected hosts must have Sudo 1.8.1 (or higher), the Sudo Plugin software installed, and be added and profiled to the mangement console.
  • When using pmpolicy type, the host must have the PM Agent software installed on it. See Installing Privilege Manager agent or plugin software.
  • A service account must be configured on the primary policy server. See Configuring a service account).
  • A policy group must be active. See Activating policy groups.
  • If you select multiple hosts to join, they must be of the same type (sudo or pmpolicy). However, when selecting multiple primary servers, the Join option will be disabled because each primary server belongs to a different policy group.

Once you meet these conditions, you can run the Join to Policy Group option from the Prepare panel of the All Hosts view. See Joining the host to a policy group for details.

Preflight fails because the policy server port is unavailable

If you have the qpm-server installed and you run Check Client for Policy Readiness from the mangement console and it tells you the policy server port is unavailable, check the port to see if another program is using that port.

Policy Change report reports newlines

The Policy Change Report reports newlines as a change in policy. All policy files have newlines at the end by default. If you open a policy in the GUI editor without newlines, it adds a newline to the end of each policy file. The Policy Change Report then reports this action as a change to the policy.

Profile task never completes

If the host remains in a profiling state, it is likely that SSH is improperly configured on that host. Verify that you can SSH to the host manually.

If the host does not reset its profiled state to either Profiled or Not Profiled within a reasonable time, restart the Management Console for Unix service (mcu_service) to reset its profile state. See the Start/stop/restart Management Console for Unix service for details.

Related Documents