
Safeguard Authentication Services 4.1.5 - Evaluation Guide


Active Directory optimization

Indexing certain attributes used by the Authentication Services Unix agent can have a dramatic effect on the performance and scalability of your Unix and Active Directory integration project. The Custom Unix Attributes panel in the Preferences section of Control Center displays a warning if the Active Directory configuration is not optimized according to best practices.

One Identity recommends that you index the following attributes in Active Directory.

  • User UID Number
  • User Unix Name
  • Group GID Number
  • Group Unix Name

Note: LDAP display names vary depending on your Unix attribute mappings.

It is also a best practice to add all Unix identity attributes to the global catalog. This reduces the number of Active Directory lookups that need to be performed by Authentication Services Unix agents.

Click the Optimize Schema link to run a script that updates these attributes as necessary.

Note: The Optimize Schema option is only available if you have not optimized the Unix schema attributes defined for use in Active Directory.

This operation requires administrative rights in Active Directory. If you do not have the necessary rights to optimize your schema, the operation instead generates a schema optimization script. You can send the script to an Active Directory administrator who has rights to make the necessary changes.

All schema optimizations are reversible and no schema extensions are applied in the process.
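To see which of these two settings (index flag and global catalog membership) the Optimize Schema script would change, the following PowerShell check is an added example, not part of the guide or the product. It assumes the ActiveDirectory module, read access to the schema naming context, and the default RFC 2307 LDAP names, which you should replace with your own Unix attribute mappings.

```powershell
# Added example (not from the guide): report whether each Unix identity attribute
# is indexed and replicated to the global catalog, the settings Optimize Schema adjusts.
# Assumes the ActiveDirectory module and read access to the schema naming context.
Import-Module ActiveDirectory

# ASSUMPTION: LDAP display names follow the RFC 2307 defaults. Replace them with the
# names shown in Control Center > Preferences > Custom Unix Attributes for your deployment.
$unixAttributes = [ordered]@{
    'User UID Number'  = 'uidNumber'
    'User Unix Name'   = 'uid'
    'Group GID Number' = 'gidNumber'
    'Group Unix Name'  = 'cn'      # placeholder; depends on your group-name mapping
}

$schemaNC = (Get-ADRootDSE).schemaNamingContext
$INDEXED  = 0x1   # searchFlags bit fATTINDEX: the attribute is indexed

$report = foreach ($entry in $unixAttributes.GetEnumerator()) {
    $attr = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$($entry.Value)))" `
        -Properties searchFlags, isMemberOfPartialAttributeSet

    if (-not $attr) {
        Write-Warning "Schema attribute '$($entry.Value)' not found; check your Unix attribute mappings."
        continue
    }

    [pscustomobject]@{
        UnixAttribute   = $entry.Key
        LdapName        = $entry.Value
        Indexed         = [bool]($attr.searchFlags -band $INDEXED)
        InGlobalCatalog = [bool]$attr.isMemberOfPartialAttributeSet
    }
}

$report | Format-Table -AutoSize

# Anything reported False is what the Optimize Schema script (or the AD administrator
# you send it to) would change. Both settings are flags on existing attributes, not
# schema extensions, which is why the optimization is reversible.
$report | Where-Object { -not $_.Indexed -or -not $_.InGlobalCatalog }
```

Run it once before and once after Optimize Schema to confirm the Control Center warning clears for the right reason.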

Learning the basics

The topics in this section help you learn how to do some basic system administration tasks using the Control Center and Management Console for Unix.

Note: The exercises in this section assume that you have successfully installed Authentication Services and Management Console for Unix and have added a host to the console and joined it to Active Directory. (See Prepare Unix hosts.)

This section shows you how to create the following test user and group accounts used in various examples:

  • A local group called "localgroup"
  • A local user object called "localuser"
  • An Active Directory group object called "UNIXusers"
  • An Active Directory user object called "ADuser"

One Identity recommends that you work through the topics in this section in order as a self-directed "test drive" of some of the key product features. You will learn how easy it is to manage your users and groups from the management console.

Add a local group

You can use the management console to remotely add a local group to the host.

Note: This topic instructs you to set up a local group by the name of "localgroup" referred to by other examples in this guide.

To add a local group to the host

  1. From the Management Console for Unix Host tab's All Hosts view, double-click a host name to open its properties.
  2. Select the Groups tab and click Add Group.
  3. In the Add New Group dialog, enter localgroup as a local group name in the Group Name box and click Add Group.
  4. In the Log on to Host dialog, enter your credentials and click OK.

    Note: This task requires elevated credentials. Credential information is entered by default from the cache.

    The new local group account is added to the system and the management console.

Add a local user account

Note: This topic instructs you to set up a local user by the name of "localuser" referred to by other examples in this guide.

To add a local user account

  1. From the All Hosts view, double-click a host name to open its properties.
  2. Select the Users tab from the host properties and click Add User.
  3. In the Add New User dialog,
    1. Enter localuser as a new local user name in the Name box.
    2. Click the Select Group browse button next to the GID box to find and select the local group account you set up in Add a local group.

      You can also use the navigation buttons at the bottom of the list to find and select a group.

    3. Click the Select Shell browse button to find and select a local login shell.
    4. Enter and re-enter a password of your choice and click Add User to add this new local user.
  4. On the Log on to Host dialog, enter your credentials to log onto the host and click OK.

    Note: This task requires elevated credentials. The management console enters this information by default from the cache.

    The new local user account is added to the system and the management console.

At this point the new local user is valid for local authentication with the password you just set.
