Instead of modifying password entries directly, you can map local Unix users to Active Directory accounts using map files.
To configure a user mapping file:
vastool configure vas vas_auth user-map-files /etc/user-map
Note: This example configures Authentication Services to use /etc/user-map for user mappings. You can specify any filename.
The format is <local user name>:<sAMAccountName@domain>.
If you want to map a local user named jdoe to the Active Directory account for johnd@example.com, add the following line to the file:
jdoe:johnd@example.com
You can only map the root account to an Active Directory account using the mapped-root-user setting in vas.conf.
To map the root user to an Active Directory account:
vastool configure vas vas_auth mapped-root-user Administrator@example.com
Note: If you specify mapped-root-user on AIX you must set VASMU on the system line of the root section in /etc/security/user. Refer to your AIX system documentation for more information.
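A pre-deployment check for the map file format and the root rule described above, added here as an example and not One Identity code. The function names, the comment-line handling, the duplicate-entry check and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): lint a user-map file before use.
# Assumptions: blank and '#' lines are skipped by this linter; duplicate
# local names and group/world-writable files are treated as findings.

# Prints one finding per bad line. Returns 0 clean, 1 findings, 2 unreadable.
lint_user_map() {
    map_file=$1
    [ -r "$map_file" ] || { echo "UNREADABLE $map_file"; return 2; }
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        # Exactly two fields; local name non-empty and free of whitespace.
        NF != 2 || $1 !~ /^[^ \t]+$/ {
            printf "line %d: MALFORMED\n", NR; bad++; next }
        # Right-hand side must look like sAMAccountName@domain.
        $2 !~ /^[^@ \t]+@[^@ \t]+$/ {
            printf "line %d: BAD_TARGET %s\n", NR, $2; bad++; next }
        # root is mapped only through mapped-root-user in vas.conf.
        $1 == "root" {
            printf "line %d: ROOT_IN_MAP\n", NR; bad++; next }
        # A second mapping for the same local user is ambiguous.
        $1 in seen {
            printf "line %d: DUPLICATE %s (first on line %d)\n", NR, $1, seen[$1]
            bad++; next }
        { seen[$1] = NR }
        END { exit (bad > 0) }
    ' "$map_file"
}

# Returns 1 (and prints a finding) if group or others can write the map file.
check_map_perms() {
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE_BY_GROUP_OR_OTHER $1"; return 1
    fi
    return 0
}

# Constructed sample input, for demonstration only.
sample=$(mktemp)
printf '%s\n' 'jdoe:johnd@example.com' 'root:Administrator@example.com' \
    'jdoe:other@example.com' 'asmith:asmith' > "$sample"
lint_user_map "$sample" || echo "findings: fix before enabling user-map-files"
check_map_perms "$sample" || true
rm -f "$sample"
```

Anyone who can write the map file can change which Active Directory account a local user authenticates as, which is why the permission check sits beside the format check.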
Self enrollment allows users to map their Unix account to an Active Directory account as they log in to Unix. This mapping occurs as part of the standard PAM login. Users are first prompted for their Unix password. Once authenticated to Unix, they are prompted to authenticate to Active Directory. This process happens on the first login after you enable self enrollment. Once self enrollment is complete, the user logs in with their Unix user name and Active Directory password.
To enable self enrollment:
vastool configure vas vas_auth enable-self-enrollment true
Note: All users mapped by the self-enrollment process are stored in the /etc/opt/quest/vas/automatic_mappings file.
/etc/init.d/vasd restart
/sbin/init.d/vasd restart
stopsrc -s vasd
startsrc -s vasd
Note: Due to library changes between Authentication Services 3.x and 4.1, One Identity recommends that you restart all long-lived processes that use Authentication Services data to force a reload of the newer libraries. For example, you must restart cron.