Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.3 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Integrating with GPMC
Display specifiers Troubleshooting

Import Source Selection

The Import Source Selection page allows you to select the source of your Unix account information by clicking on an item in the list. You can only import from a single source, but you can run the Account Importer several times to capture data from multiple sources. Options include:

  • Local Files

    Import Unix account information from text files in /etc/passwd format stored on the local host.

    You can easily migrate local users to Active Directory by exporting a file from the Master /etc/passwd List report accessible from mangement console's Reports page, then importing it into the Unix Account Import Wizard accessible from the Authentication ServicesControl CenterTools navigation link.

    NOTE: By default, creates the Master_etc_passwdList .csv file in the Application Data directory: On Windows XP/2003 Server: %SystemDrive%:\Documents and Settings\All Users\Application Data\Quest Software\Management Console for Unix\reportsOn Windows 2008 Server/Vista/7: %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reportsOn Unix/Mac: /var/opt/quest/mcu/reportsBy default, Management Console for Unix creates the Master_etc_passwdList .csv file in the Application Data directory:

    • On Windows XP/2003 Server:

      %SystemDrive%:\Documents and Settings\All Users\Application Data\Quest Software\Management Console for Unix\reports

    • On Windows 2008 Server/Vista/7:

      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports

    • On Unix/Mac OS X:

      /var/opt/quest/mcu/reports

    NOTE: You can also use vastool utilities from a Unix server command line, such as vastool load, to assist you in migrating local users to Active Directory. (See the vastool man page located in the docs directory of the installation media.)

  • NIS Server

    Import Unix account information directly from the passwd and group maps of an active NIS server.

  • Remote Unix Host

    Import Unix account information directly from /etc/passwd or /etc/group files stored on a remote Unix host. This option uses SSH to retrieve the remote data so you must have an SSH login on the remote Unix host.

  • Existing Unlinked Unix Personalities

    Use this option to link orphaned or newly created Unix personalities with Active Directory users and groups. This option does not create new objects in Active Directory. It provides a way to quickly find and link Unix personalities using matching rules. This option is only available when the Unix Account Import Wizard is launched from Active Directory Users and Computers in the context of a Primary UPM container. (Right click on a UPM container and select All Tasks | Unix Tasks | Unix Account Import Wizard)

  • Saved Import Session

    Use this option to resume an import session that was saved previously.

  • Existing Active Directory objects

    Use this option to create Unix personality objects based on existing Active Directory users and groups. This is helpful when creating new personality containers which are pre-populated with a set of personality objects linked to existing users and groups.

Account matching rules

When Unix-enabling existing users or importing personalities, you can specify rules that automatically associate Unix accounts to Active Directory accounts.

Search base selection

Select the Active Directory search base to use when matching Unix accounts to Active Directory accounts. All user and group objects found under the selected search base will be considered for matching. This can reduce the network load when importing user and group accounts. You can also use the search base to restrict the set of accounts to a particular container or organizational unit.

Account association

The Account Association page allows you to customize account associations when linking Unix accounts to Active Directory accounts. The Unix Account Import Wizard attempts to automatically match the Unix account information to Active Directory accounts using the specified matching rules. If the Import Wizard finds multiple matches, it displays a message warning you of a conflict. You can select it from the matches or click the ... option to browse Active Directory for a different account. The tool bar filter buttons allow you to filter out matched items from the list. With the filter enabled, items disappear from the list as you match the Unix information to Active Directory accounts.

You can click the tool bar button to permanently remove the selected item from the list. Click the 3 Red X's tool bar button to permanently remove all visible items from the list.

Related Documents