Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Evaluation Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Installing and configuring Authentication Services Getting started with Authentication Services

Test the Active Directory user login

Now that you have Unix-enabled an Active Directory user, you can log into a local Unix host using your Active Directory user name and password.

To test the Active Directory login

  1. From the Control Center, under "Login to remote host", enter:
    • the Unix host name in the Host name box
    • the Active Directory user name, such as ADuser, in the User name box

    and click Login to log onto the Unix host with your Active Directory user account.

  2. Enter the password for the Active Directory user account.
  3. At the command line prompt, enter id to view the Unix account information.
  4. After a successful log in, verify that the user obtained a Kerberos ticket by entering:
    /opt/quest/bin/vastool klist

    The vastool klist command lists the Kerberos tickets stored in a user's credentials cache. This proves the local user is using the Active Directory user credentials.

  5. Enter exit to close the command shell.

You just learned how to manage Active Directory users and groups from Management Console for Unix by Unix-enabling an Active Directory group and user account. You tested this out by logging into the Unix host with your Active Directory user name and password. Optionally, you can expand on this tutorial by creating and Unix enabling additional Active Directory users and groups and by testing different Active Directory settings such as account disabled and password expired.

Run reports

You can run various reports that capture key information about the Unix hosts you manage from the mangement console and the Active Directory domains joined to these hosts from the Reports view on the Reporting tab.

Note: The Active Directory reports are only available when you are logged on as an Active Directory account in the Manage Hosts role.

To run reports

  1. Ensure the hosts for which you want to create reports have been recently profiled.

    Reports only generate data gathered from the clients during a Profile procedure. Profiling imports information about the host, including local users and groups.

    Note: You can configure the mangement console to profile hosts automatically. (For more information, see Profile automatically.)

  2. From the mangement console, click the Reporting tab.
  3. From the Reports view, expand the report group names to view the available reports, if necessary.
    • Host Reports

      Unix host information gathered during the profiling process

    • User Reports

      Local and Active Directory user information

    • Group Reports

      Local and Active Directory group information

    • Access & Privileges Reports

      User access information

    • License Usage Reports

      Product licensing information.

  4. Use one of the following methods to select a report:
    • Double-click a report name in the list (such as the Unix Host Profiles report).
    • Right-click a report name and select Run report.
    • Click the report icon next to a report.

    The selected report name opens a new tab on the Reports view which describes the report and provides some report parameters you can select or clear to add or exclude details on the report.

  5. Optionally clear parameters to exclude information from the report.
  6. To create a report, either
    • Click Preview to see a sample of the report in a browser.
    • Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV (if available).

    Note: If the CSV report does not open, you may need to reset your internet options. (See CSV or PDF Reports Do Not Open in online help for details.)

    By default, the mangement console creates reports in the application data directory:

    • On Windows XP/2003 Server:
      %SystemDrive%:\Documents and Settings\All Users\Application Data\Quest Software\Management Console for Unix\reports
    • On Windows 2008 Server/Vista/7:
      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports
    • On Unix/Mac OS X:
      /var/opt/quest/mcu/reports

    Note: You may need to reconfigure your browser preferences to allow you to save the report in a specific folder.

    It launches a new browser or application page and displays the report in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. (See Tune JVM Memory in the online help for details.)

Reports

The mangement console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following tables list the reports that are available in Management Console for Unix.

Note: Report availability depends on several factors:

  • User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. (See Active Directory Configuration in online Help for details.)
  • Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. (See Console Roles and Permissions System Settings in online Help for details.) For example, you must have an activated policy server to activate the sudo-related reports.

Host reports

Table 17: Host reports
Report Description
Authentication Services Readiness

Provides a snapshot of the readiness of each host to join Active Directory. This report is best used for planning and monitoring migration projects. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage and names of the hosts ready to join
  • Total number, percentage and names of the hosts ready to join with advisories
  • Total number, percentage and names of the hosts not ready to join
  • Total number of hosts not checked for AD readiness

Use the following report parameters to define details to include in the report.

  • Joined to AD
  • Ready to Join AD
  • Ready to Join AD with Warnings
  • Not Ready to Join AD
  • Not Checked for Readiness

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Privilege Manager Readiness

Provides a snapshot of the readiness of each host to join a policy group. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage and names of the hosts ready to join
  • Total number, percentage and names of the hosts not ready to join
  • Total number of hosts not checked for readiness

Use the following report parameters to define details to include in the report.

  • Joined to a policy group
  • Ready to join a policy group
  • Ready to join a policy group with warnings
  • Not ready to join a policy group
  • Not checked for readiness

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Sudo Policy role or the Audit Sudo Policy role.

Unix Computers in AD

Lists all Unix computers in Active Directory in the requested scope.

By default, this report is created using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Unix Host Profiles

Summarizes information gathered during the profiling process of each managed host. This report includes the following information:

  • Total number of hosts included in the report
  • Host Name, IP Address, OS, Hardware
  • Sudo version number

Use the following report parameters to define details to include for each host.

  • Authentication Services Properties
  • Privilege Manager Properties
  • Local Users
  • Local Groups
  • Host SSH Keys
  • Installed One Identity Software

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Related Documents