
Safeguard Authentication Services 4.1.5 - Management Console for Unix Administration Guide


Review the Local Unix Users Report

The Local Unix Users report lists all users on all hosts.

Note: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

To create the Local Unix Users report

  1. From the management console, navigate to Reporting.
  2. From the Reports view, double-click the Local Unix Users report name.

    The report opens a new Local Unix Users tab on the Reporting view.

  3. To locate a specific user, use a combination of the following report parameters:
    • User Name contains
    • UID Number is
    • Primary GID Number is
    • Comment (GECOS) contains
    • Home Directory contains
    • Login Shell contains

    Note: When you specify multiple report parameters, the report combines them with a logical AND; a user account is listed only if it matches ALL of the selected parameters.

    If you do not define a specific user, the report includes all local users on each profiled host.
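The AND semantics of the report parameters can be reproduced offline against collected passwd(5) data, for example to cross-check the report or to find every local account with a given UID across hosts. The following is an added example, not code from Management Console for Unix; the function names, the case-sensitive substring matching, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: passwd(5) lines keyed by host name (not real systems).
SAMPLE_HOSTS = {
    "web01": [
        "root:x:0:0:root:/root:/bin/bash",
        "svcbackup:x:0:0:Backup service:/home/svcbackup:/bin/sh",
        "jdoe:x:1001:100:Jane Doe,Ops:/home/jdoe:/bin/bash",
        "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin",
    ],
    "db01": [
        "root:x:0:0:root:/root:/bin/bash",
        "jdoe:x:1001:100:Jane Doe,Ops:/home/jdoe:/bin/ksh",
        "malformed record without seven fields",
    ],
}

@dataclass(frozen=True)
class LocalUser:
    host: str
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def parse_passwd(host, lines):
    """Parse passwd(5) lines into LocalUser records for one host."""
    users = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue  # skip comments and malformed records instead of failing
        name, _pw, uid, gid, gecos, home, shell = fields
        users.append(LocalUser(host, name, int(uid), int(gid), gecos, home, shell))
    return users

def local_users_report(hosts, name_contains=None, uid_is=None, gid_is=None,
                       gecos_contains=None, home_contains=None, shell_contains=None):
    """Return users matching ALL supplied parameters; with none, return every user."""
    checks = [(name_contains, lambda u, v: v in u.name), (uid_is, lambda u, v: u.uid == v),
              (gid_is, lambda u, v: u.gid == v), (gecos_contains, lambda u, v: v in u.gecos),
              (home_contains, lambda u, v: v in u.home), (shell_contains, lambda u, v: v in u.shell)]
    active = [(v, f) for v, f in checks if v is not None]  # uid_is=0 is a real filter
    return [u for host, lines in hosts.items() for u in parse_passwd(host, lines)
            if all(f(u, v) for v, f in active)]
```

Calling `local_users_report(SAMPLE_HOSTS, uid_is=0)` lists every UID 0 account on every host, which surfaces the constructed `svcbackup` entry alongside `root`.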

Active Directory Integration

You can configure the management console for Active Directory so that you can perform basic Active Directory operations, such as searching for Active Directory users, groups, or computers. With Active Directory credentials that have proper permissions, you can also modify specific properties of these Active Directory objects.

Note: Management Console for Unix is limited to managing users, security groups, and computers. Other Active Directory object types (such as distribution groups and contacts) are not displayed by the console.

The topics in this section explain how to search for and locate Active Directory users, groups and computers, and how to manage the Active Directory users who are permitted to authenticate to your non-Windows systems. For a detailed description of these tasks, please refer to the online help.

Enable Active Directory Features

If you initially configured the Management Console for Unix core features to manage local Unix users and groups and now want to use the Active Directory features, you must configure the management console for Active Directory.

Note: See Active Directory Configuration for more information.

When you configure the management console for Active Directory, you can perform these basic Active Directory operations:

  • Search for Active Directory objects
  • View or modify Active Directory user, security group, and computer object properties

    Note: You must have permissions in Active Directory to modify Active Directory object properties.

You can unlock these additional Active Directory features when you install Authentication Services 4.x on hosts you manage with Management Console for Unix:

  • Join systems to Active Directory and implement AD-based authentication for Unix, Linux, and Mac systems.
  • Activate the Unix Account and Local User Accounts tabs on the Active Directory user properties dialog.
  • Activate the Unix Account tab on the Active Directory group properties dialog.
  • Map a Unix user to an Active Directory user.
  • Create reports about Active Directory Unix-enabled users and groups.
  • Create Logon Policy for AD User and Logon Policy for Unix Host reports that show which user is permitted to log into which Unix host.

Note: See Configure Active Directory for Authentication Services for more information about setting up the console for full Active Directory functionality.

Add an Active Directory Group Account

Note: The following procedure uses ADUC (Active Directory Users and Computers) to set up an Active Directory group named "UNIXusers", which other examples in this guide refer to.

To create a new group in Active Directory

  1. From the Start menu, navigate to Administrative Tools | Active Directory Users and Computers.

    The Active Directory Users and Computers Console opens.

    Note:
    • Windows Vista/Windows 7 or 8: You must have the Remote Server Administration Tools installed and enabled.
    • Windows 2003/Windows XP: You must have the Windows 2003 Server Administration Tools installed.

  2. Expand the domain folder and select the Users folder.

  3. Click the New Group button.

    The New Object - Group dialog opens.

  4. Enter UNIXusers in the Group name box and click OK.

Authentication Services provides additional tools to help you manage different aspects of migrating Unix hosts into an Active Directory environment. Links to these tools are available from Tools in the Control Center.
