Once you have successfully joined a host to an Active Directory domain, use the Groups view on the host's properties to add an Active Directory user to a local group (or remove users from a group).
Note: This feature is only available when you are logged on as an Active Directory account in the Manage Hosts role. (See Console Roles and Permissions System Settings for details.)
To add an Active Directory user to a local group
1. On the All Hosts view, right-click a host that is joined to an Active Directory domain and choose Groups.
You can also double-click the host name to open its properties, then click the Groups tab.
2. Double-click a local group name, or right-click the group name and choose Properties, to open its properties.
3. On the group's properties, click the Members tab, open the Add menu and choose AD user.
4. On the Select Unix-Enabled AD User dialog, search Active Directory to locate the user(s) to add.
Note: When searching Active Directory, the management console only lists Unix-enabled users. (See Unix-Enable an Active Directory User for details.)
To find a particular user, you can filter the list of users: enter one or more characters in the Search by name box, and the management console automatically displays the users whose name contains the character(s) you enter.
You can also select the container in which you want to begin the search.
The management console adds the selected user(s) to the list on the Members tab and marks each with an icon.
5. Click OK on the Members tab to save your selections.
6. On the Log on to Host dialog, enter the user credentials to access the selected host and click OK.
This information is pre-populated if you saved the credentials for the host.
Note: To remove objects from a local group, select one or more objects from the list on the Members tab and click Remove User.
Management Console for Unix provides a feature called "Require AD Logon" that lets you map local Unix user accounts to Active Directory user accounts. In other words, you can specify an Active Directory user account with which local users authenticate, or log in, to a Unix host. Active Directory password policies are enforced: these users must use their Active Directory password together with either their local user name or their Active Directory log on name. Local users retain all of their local Unix attributes, such as UID Number and Login Shell, but they authenticate using their Active Directory password.
Note: This feature is only available if you meet these criteria:
Advantages of Requiring Users to Log in with Active Directory Authentication:
By "mapping" a local user to an Active Directory account, the user can log in with his Unix user name and Active Directory password.
This feature, also known as user mapping, allows you to associate an Active Directory user account with a local Unix user. Allowing a local user to log into a Unix host using Active Directory credentials enables that user to take advantage of the benefits of Active Directory security and access control.
To enable a local user for Active Directory authentication
1. In the management console, navigate to Hosts | All Hosts.
2. Double-click a host to open its properties.
3. From the host's properties, select the Users tab and double-click a local user account to open its Properties.
Note: To set up the local user, see Add Local User.
4. On the AD Logon tab, select the Require an AD Password to logon to Host option, and click Select.
5. On the Select AD User dialog, select the AD user account and click OK.
Note: To set up the Active Directory user, see Add an Active Directory User Account.
6. On the local user's properties, click OK.
7. On the Log on to Host dialog, verify your credentials to log on to the host and click OK.
Note: This task requires elevated credentials.
You have now "mapped" a local user to an Active Directory user, and the AD User column in the management console indicates that the local user account requires an Active Directory password to log on to the host.
You can also map multiple Unix users to use a single Active Directory account using the Require AD Logon pane on the All Local Users tab.
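The mapping described above leaves the local account's UID and shell in place while tying its logon to an AD identity, and it allows several local accounts to share one AD account. The following Python script is an added example, not code from One Identity or from Management Console for Unix: it audits a set of constructed `/etc/passwd` lines against a constructed local-to-AD mapping and reports interactive local accounts that still authenticate with a local password, mapping entries that no longer match a local account, and AD accounts shared by more than one local user. The `local_user:ad_user` mapping format and the `EXAMPLE` domain are assumptions made for the example, not the product's own file format.

```python
"""Audit which local Unix accounts require an AD password (added example).

The mapping format below (one "local_user:ad_user" per line) is an
assumption made for this example, not the console's own file format.
"""
from collections import defaultdict

# Constructed /etc/passwd-style lines. Local attributes (UID, home, shell)
# stay local even when the account must log on with an AD password.
PASSWD_LINES = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jsmith:x:1001:1001:Jane Smith:/home/jsmith:/bin/bash
bjones:x:1002:1002:Bob Jones:/home/bjones:/bin/bash
svc_backup:x:1003:1003:Backup service:/var/backup:/bin/sh
ptran:x:1004:1004:Pat Tran:/home/ptran:/bin/zsh
"""

# Constructed mapping of local account -> AD account (assumed format).
# "olduser" has no matching local account and should be flagged as stale.
USER_MAP_LINES = """\
jsmith:EXAMPLE\\jane.smith
bjones:EXAMPLE\\bob.jones
svc_backup:EXAMPLE\\bob.jones
olduser:EXAMPLE\\old.user
"""

# Shells that prevent interactive logon; such accounts need no AD mapping.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Return {name: {"uid": int, "shell": str}} for interactive accounts.

    Interactive means UID >= 1000 and a shell that allows logon.
    """
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines instead of guessing
        name, _, uid, _, _, _, shell = fields
        uid = int(uid)
        if uid >= 1000 and shell not in NOLOGIN_SHELLS:
            users[name] = {"uid": uid, "shell": shell}
    return users


def parse_user_map(text):
    """Return {local_user: ad_user} from the assumed mapping format."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        local, _, ad = line.partition(":")
        if local and ad:
            mapping[local] = ad
    return mapping


def audit_ad_logon(passwd_text, map_text):
    """Compare interactive local accounts with the AD mapping.

    unmapped: interactive local accounts still using a local password
    stale:    mapping entries whose local account does not exist (or is non-interactive)
    shared:   AD accounts used by more than one local account
    """
    users = parse_passwd(passwd_text)
    mapping = parse_user_map(map_text)
    unmapped = sorted(u for u in users if u not in mapping)
    stale = sorted(local for local in mapping if local not in users)
    by_ad = defaultdict(list)
    for local, ad in mapping.items():
        by_ad[ad].append(local)
    shared = {ad: sorted(locals_) for ad, locals_ in by_ad.items() if len(locals_) > 1}
    return {"unmapped": unmapped, "stale": stale, "shared": shared}


if __name__ == "__main__":
    report = audit_ad_logon(PASSWD_LINES, USER_MAP_LINES)
    print("Local accounts without AD logon requirement:", report["unmapped"])
    print("Mapping entries with no local account:", report["stale"])
    for ad, locals_ in report["shared"].items():
        print(f"AD account {ad} is shared by: {', '.join(locals_)}")
```

Running the script on the constructed input flags `ptran` as still authenticating locally, `olduser` as a stale mapping, and `EXAMPLE\bob.jones` as shared between `bjones` and `svc_backup`; a shared AD account is worth reviewing because it removes individual accountability for the local accounts behind it.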
To assign (or "map") a Unix user to an Active Directory user
(Click the Directory button to search in a specific folder.)
Note: This task requires elevated credentials.
The Active Directory user assigned to the selected local Unix user is displayed in the AD User column of the All Local Users tab.
You can view a list of the host accounts that are required to log on using a particular Active Directory account from the All Local Users tab of the management console.
Note: This feature is only available when you are logged on as an Active Directory account in the Manage Hosts role. (See Console Roles and Permissions System Settings for details.)
To view local user accounts required to log on with an Active Directory Account
To see which local user accounts are enabled to use Active Directory account credentials
Note: The Local Unix Users with AD Logon report is another way to identify the local user accounts that are required to use Active Directory credentials. (See Reports.)
© 2023 One Identity LLC. ALL RIGHTS RESERVED.