
One Identity Management Console for Unix 2.5.2 - Administration Guide


Checking readiness

Once you add and profile hosts, the management console allows you to perform a series of tests to verify that a host meets the minimum requirements to configure a policy server or join a remote host to either a Privilege Manager policy group or an Active Directory domain. Running the readiness checks does NOT require elevated privileges.

To check readiness

  1. Select one or more hosts on the All Hosts view of the Hosts tab.

  2. Open the Check menu from the Prepare panel of the task bar and choose

    1. Check Policy Server Readiness
    2. Check Client for Policy Readiness
    3. Check Host for AD readiness
    4. Check QAS agent status
    5. Check QAS agent status automatically

    Note: You must add and profile a Privilege Manager Policy Server to the management console and set it as Active before the Check Client for Policy Readiness option is available on the Check menu.

    You must be logged on as the supervisor or an Active Directory account in the Manage Hosts Role to perform any task on the Check menu.

    See the following topics for more information about these options:

Working with host systems

Management Console for Unix simplifies local host management on Unix, Linux, and Mac systems.

Install software on hosts

Once you have successfully added and profiled one or more hosts, you can remotely deploy software products to them from the management console.

The Install Software dialog displays when you select the Install Software toolbar button.

From this dialog, select the software products you want to deploy and install on the selected hosts.

Note: If you do not see all of these software packages, verify that the path to the software packages is correctly set in System Settings. Refer to:

Available software components

You can install the following software products remotely from the management console:

  • Privilege Manager (3 items)
    • Sudo Plugin - Select to install a component that enables the host to use a centrally managed sudoers policy file located on the Privilege Manager primary server from the management console.

      Note: Before installing the Sudo Plugin, please see Configuring a service account.

    • Privilege Manager Agent - Select to install a component that enables the host to use a centrally managed pmpolicy policy file located on the primary policy server from the management console.

      Note: Before installing the Privilege Manager Agent, please see Configuring a service account.

    • Privilege Manager Policy Server - Select to install the Privilege Manager Policy Server, which provides central policy management, granular access control reporting, as well as the ability to enable, gather, store and play back keystroke logs.

      Note: Centralized policy management and keystroke logging are licensed separately.

    Note: When you install the Privilege Manager Policy Server it installs all three Privilege Manager for Unix packages on that host. However, once you have installed the Sudo Plugin onto a remote host, the management console will not allow you to install the PM Agent on that host; and once you have installed the PM Agent onto a remote host, the management console will not allow you to install the Sudo Plugin on that host.

  • Authentication Services (5 items)
    • Authentication Services Agent (Required) - Select to allow Active Directory users access to the selected host. Authentication Services provides centralized user and authentication management. It uses Kerberos and LDAP to provide secure data transport and an authentication framework that works with Microsoft Active Directory. Components include: vasd, nss_vas, pam_vas, and vastool.
    • Authentication Services for Group Policy (Required) - Select to install the Group Policy component which provides Active Directory Group Policy support for Unix, Linux, and Mac platforms.
    • Authentication Services for NIS - Select to install the NIS Proxy component which provides the NIS compatibility features for Authentication Services. vasyp is a NIS daemon that acts as a ypserv replacement on each host.
    • Authentication Services for LDAP - Select to install the LDAP Proxy component which provides a way for applications that use LDAP bind to authenticate users to Active Directory without using secure LDAP (LDAPS). Instead of sending LDAP traffic directly to Active Directory domain controllers, you can configure applications to send plain text LDAP traffic to vasldapd by means of the loopback interface. vasldapd proxies these requests to Active Directory using Kerberos as the security mechanism.
    • Dynamic DNS Updater - Select to install the Dynamic DNS Updater component which provides a way to dynamically update host records in DNS and can be triggered by DHCP updates.
  • Defender (1 item)
    • Defender PAM Module - Select to install the Defender authentication components for PAM based Unix/Linux systems. Includes PAM module, documentation and utilities to appropriately configure the PAM subsystem for Active Directory/Defender OTP authentication.
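
The Authentication Services for LDAP item above relies on plain text LDAP traffic to vasldapd staying on the loopback interface. The following check is an added example, not part of the One Identity documentation: it parses `ss -H -ltnp` output and reports any vasldapd listener bound to a non-loopback address. It assumes ss reports the proxy under the process name vasldapd, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: report vasldapd listeners that are reachable from off-host.
# Assumption: ss shows the proxy under the process name "vasldapd".

# Reads `ss -H -ltnp` lines on stdin (field 4 is Local Address:Port) and
# prints "address port" for every vasldapd listener that is not on loopback.
non_loopback_listeners() {
    awk '
    /"vasldapd"/ {
        local_addr = $4
        # Split at the last colon so IPv6 literals such as [::1]:389 survive.
        if (!match(local_addr, /:[^:]*$/)) next
        addr = substr(local_addr, 1, RSTART - 1)
        port = substr(local_addr, RSTART + 1)
        gsub(/^\[|\]$/, "", addr)   # drop IPv6 brackets
        sub(/%.*$/, "", addr)       # drop interface scope, e.g. 127.0.0.1%lo
        if (addr ~ /^127\./ || addr == "::1") next
        print addr, port
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:389 0.0.0.0:* users:(("vasldapd",pid=2210,fd=6))
LISTEN 0 128 [::1]:389 [::]:* users:(("vasldapd",pid=2210,fd=7))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'

SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:389 0.0.0.0:* users:(("vasldapd",pid=2210,fd=6))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=8))'

# Prints a verdict and returns non-zero when a listener is exposed.
check_vasldapd_binding() {
    exposed=$(non_loopback_listeners)
    if [ -n "$exposed" ]; then
        echo "FAIL: vasldapd accepts plain-text LDAP on: $exposed"
        return 1
    fi
    echo "OK: no vasldapd listener outside loopback"
}

printf '%s\n' "$SAMPLE_LOOPBACK" | check_vasldapd_binding
printf '%s\n' "$SAMPLE_EXPOSED" | check_vasldapd_binding || true
# On a live host (root is needed to see other users' processes):
#   ss -H -ltnp | check_vasldapd_binding
```
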

For more information about installing software components:

Using the console search options

Management Console for Unix provides both basic and advanced search options to help you find and select hosts from the All Hosts view or user accounts from the All Local Users tab.
