Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Integrating with GPMC
Display specifiers Troubleshooting

Final Review

The Final Review view allows you to review the proposed changes before any information is written to the directory. When you click Next from this view the proposed changes are applied to the directory.

If you are unsure whether you want to apply the changes at this time, you can click the Save import session button to save the current session data to a text file. You can review the information and apply the changes at a later time by running the Unix Account Import Wizard again and selecting Resume saved import session.

Results

The Results view confirms that the import is complete. If any problems were encountered, the import errors are reported on this view.

Click Save to save the import results to a text file.

Unix account management in large environments

In large Active Directory environments it is always a challenge to provide optimal performance and functionality. Authentication Services provides configuration settings that might help you improve performance in an enterprise deployment.

User and group search paths

Each Unix host running Authentication Services builds a persistent cache of user and group information. By default, the cache is built from users and groups in the joined domain. It is possible to change the search base from which the users or groups are loaded by using the group-search-path and user-search-path options. These search paths can either restrict the location from which the users and groups are loaded, or you can specify a search base in an entirely different domain. This is useful in organizations that use resource domains, where computer objects are stored in a separate domain from the domains where users and groups are located.

You can specify a group or user search path using the -g or -u options to the vastool join command. The following command joins the Unix host to the computers.example.com domain, and loads users from the base of the sub.example.com domain:

vastool -u admin join -u DC=sub,DC=example,DC=com computers.example.com 

You can change the default user or group search base at any time by adding the group-search-path and user-search-path options in the [vasd] section of vas.conf and running vastool flush. See the vas.conf man page for an example of user and group search paths.

Related Documents