Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Safeguard Authentication Services 4.1.5 - Management Console for Unix Administration Guide

Table of Contents

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix

What's New in Management Console for Unix 2.5 What Are the Core Features of the Console? How Management Console for Unix Works

Installing Management Console for Unix

System Requirements

Network Port Requirements

Installing the Management Console

Installing and Uninstalling the Console on Windows Installing the Console From the Windows Command Line Installing and Uninstalling the Console on Unix Installing and Uninstalling the Console on Mac Installing and Uninstalling the Console From the Mac Command Line

Launching the Management Console Setup Management Console for Unix

Configure the Console for Active Directory Logon Setup Console Access by Role Identify Console Set Supervisor Password Dialog Summary Dialog

Management Console for Unix Log On Page Getting Started Tab Upgrade Quest Identity Manager for Unix

Reset Custom Configuration Settings

Upgrade Management Console for Unix

Preparing Unix Hosts

Add Host(s) to the Management Console Rename Host Profile Host(s)

Profile Hosts Automatically View the Auto-Profile Status View the Auto-Profile Heartbeat Errors

Check Readiness

Working with Host Systems

Install Software on Host(s) Using the Console Search Options

Basic Search Options Advanced Search Options Save Search Criteria Remove Saved Searches

Filter All Hosts View Content Review Host Properties Remove Host(s) from Management Console SSH to Host Import SSH Host Key

Managing Local Groups

Add Local Group Search for Groups Modify Group Properties Add Users to a Local Group Remove User from Local Group Delete Local Group Review the Local Unix Groups Report

Managing Local Users

Add Local User Search for Users Modify User Properties Modify Multiple User's Properties Reset Local User's Password System Users

Mark System Users Manually Mark Multiple System Users

Delete Local User Review the Local Unix Users Report

Active Directory Integration

Enable Active Directory Features Add an Active Directory Group Account Add an Active Directory User Account Search for Active Directory Objects View or Modify Active Directory User Properties View or Modify Active Directory Group Properties

Authentication Services Integration

Install Authentication Services Configure Active Directory for Authentication Services

Configuring Active Directory for Authentication Services About Active Directory Configuration

View the Authentication Services Agent Columns Set Authentication Services Software Path Check Host for AD Readiness

Review the Authentication Services Readiness Report

Install Authentication Services Software Packages

Upgrade Authentication Services

Join Host(s) to Active Directory

Optional Join Commands Unjoin Host from Active Directory

Configure Host Access Control Check QAS Agent Status

Check QAS Agent Status Manually Check QAS Agent Status Automatically View the QAS Status Errors View the QAS Status Heartbeat Errors

Add AD User to a Local Group Mapping Local Users to Active Directory Users

Enable Local User for AD Authentication List Local Users Required to Use AD Authentication

Test the Mapped User Login Configuring the Console to Recognize Unix Attributes in AD Unix-Enable an Active Directory Group

Review the Unix-enabled AD Groups Report

Unix-Enable an Active Directory User

Review the Unix-enabled AD Users Report

Test the Active Directory User Login

Privilege Manager Integration

Getting Started Configure a Primary Policy Server

Check Policy Server Readiness Install the Privilege Manager Packages Configure the Primary Policy Server Join the Host to a Policy Group

Unjoin Host from Policy Group

Configure a Secondary Policy Server

Configure Secondary Policy Server

Install PM Agent or Sudo Plugin on a Remote Host

Check Client for Policy Readiness Install Privilege Manager Agent or Plugin Software

Managing Security Policy

Open Policy Files

Rolling Back the Policy File

Edit Panel Commands Editing PM Policy Files

Default Roles (or Profiles) Modify Privilege Manager Role Properties

Override Role Property Defaults Role Property Variables

Add a New Privilege ManagerPrivilege Manager Role Add a New Privilege Manager Restricted Shell Role Add New Privilege Manager Role Based on an Existing Role Save Policy Files Delete Privilege Manager Role Change Policy Version Review Policy Changes Manage Role Defaults Modifying PM Policy Files With the Text Editor

Review the Access & Privileges by User Report Review the Access & Privileges by Host Report

Event Logs and Keystroke Logging

Enable Keystroke Logging Record Keystrokes List Events and Replaying Keystroke Logs

Replay Log Controls

Run Reports Reports

Host Reports User Reports Group Reports Access & Privileges Reports Product Licenses Usage Reports

Setting Preferences

User Preferences

General User Preferences

SSH Terminal Access to Host Set Default Domain

Host Credentials User Preferences

Modify Saved Host Credentials Remove Saved Host Credentials

System Settings

General System Settings

Duplicate SSH Host Keys Set Session Timeout Mark Host System Users Automatically Console Information Settings

Publish Console to Active Directory

Change Supervisor Account Password Set Custom Privilege Elevation Commands

Console Roles and Permissions System Settings

Add (or Remove) Role Members Review the Console Access & Privileges Report

Active Directory System Settings

Active Directory Configuration

Advanced Settings Default Logon Domain

Privilege Manager System Settings

Configure a Service Account Unconfigure a Service Account Activate Policy Groups Deactivate Policy Groups Software & Licenses

Set Privilege Manager Software Path Check for Privilege Manager Licenses Privilege Manager License Alerts

Authentication Services System Settings

Set Authentication Services Software Path Authentication Services License Alerts Check for Authentication Services Licenses Import Authentication Services Licenses Configure Windows 2003 R2 Schema

Management Console for Unix Server and Console

Authenticating the Supervisor User Authenticating Active Directory Users Using Windows Integrated Authentication Authenticating Active Directory Users Using a Username and Password Installing a Production Certificate

Generating a Custom SSL/TLS Certificate and Key Pair for Management Console for Unix Import Certificate to Trusted Domains on Windows and Mac Import Certificate to Trusted Domains on Unix or Linux Disabling SSL/TLS Encryption

Customizing HTTP and SSL/TLS Ports Change Allowed Ciphers

Active Directory Managed Unix Hosts

Managing SSH Host Keys Known_hosts File Format Handling Changes to SSH Host Keys Detecting Multiple Hosts With the Same Key Caching Unix Host Credentials

Security of Credential Caching

Database Security Summary of Security Recommendations

Troubleshooting Tips

Auto Profile Issues

Auto Profile Takes a Long Time Auto Profile Returns an Error

Active Directory Issues

Active Directory Connectivity Issues Unable to Configure Active Directory Active Directory is Disabled Active Directory Tasks Are Disabled

Auditing and Compliance Cannot Create a Service Connection Point Check Authentication Services Agent Status Commands Not Available CSV or PDF Reports Do Not Open Database Port Number Is Already in Use Elevation Is Not Working Hosts Do Not Display Import File Lists Fakepath Information Does Not Display in the Console Java Applet Failures

Java Control Panel

License Info in Report is not Accurate Out of Memory Error Post Install Configuration Fails on Unix or Mac Privilege Manager Feature Issues

Join to Policy Group Failed Join to Policy Group Option is Not Available Preflight Fails Because the Policy Server Port is Unavailable Policy Editor Is Not Available Policy Editor Runs Slow Policy Change Report Reports Newlines

Profile Task Never Completes questusr Account was Deleted Readiness Check Failed Recovering From a Failed Upgrade Reports Are Slow Reset the Supervisor Password Running on a Windows 2008 R2 Domain Controller Service Account Login Fails Setting Custom Configuration Settings

Customize Auto-Task Settings Enable Debug Log

Single Sign-on (SSO) Issues

Configure a Firefox Web Browser for SSO Configure an IE Web Browser for SSO Disable Single Sign-on (SPNEGO/HTTP Negotiation) Disable SSPI for Single Sign-on Enable SSO for Remote Browser Clients

JVM Memory Tuning Suggestions Start/Stop/Restart Management Console for Unix Service

Linux or Solaris Machines HP Unix (HPUX) Machine Windows Machine Mac OS X Machine

Tool Bar Buttons Are Not Enabled UID or GID Conflicts

System Maintenance

Backup Procedure Restore Procedure

Command Line Utilities

MCU PowerShell Cmdlets and Unix CLI Commands MCU PowerShell Cmdlets

Installing MCU PowerShell Cmdlets Viewing MCU PowerShell Cmdlet Help Information

Unix CLI Commands

Installing Unix CLI Packages Uninstalling Unix CLI Packages Upgrading the Unix CLI Packages

Mac CLI Commands

Installing Mac CLI Packages Installing Mac CLI Packages Using the GUI

Examples of Using Command Line Utilities

Connect to the Console Add Host to the Console Create Local Group Across all Managed Hosts Add a Local User to a Group on Each Managed Host Add Localuser to a Group on All Linux Machines Get a User on a Specific Computer Find a UID on a Computer Remove All Credentials Stored in the Console for a Specific Host Set a Local User's Password View a Group’s Membership

Accessing the Web Services Web Services Web Services Examples

Database Maintenance

Database Location and Files Database Backup Procedure Database States

Database Security

Security > Database Security

The Management Console for Unix server communicates with a database on port 9001 over the loopback interface. The password used is randomly generated at install time. One Identity recommends that you configure a local firewall to exclude remote access to this port. For information on how to change the default port on which the database runs, see Database Port Number Is Already in Use.

Summary of Security Recommendations

Security > Summary of Security Recommendations

One Identity recommends that you implement the following to secure the data used by Management Console for Unix:

When authenticating Active Directory users for access to Management Console for Unix make sure that the server is installed on a machine that is joined to the Active Directory forest you wish to manage.
Install an SSL/TLS key pair and certificate that is signed by a Certification Authority that will be trusted by all users' browsers.
Directly import SSH host keys using a known_hosts file, or the Import SSH Host Key tool bar command; or manually verify the fingerprints by disabling the Automatically accept SSH keys option when profiling.
Configure a local firewall to restrict remote access to the database port (Default port is 9001).

Troubleshooting Tips

Troubleshooting Tips

To help you troubleshoot, One Identity recommends the following resolutions to some of the common problems you might encounter as you deploy and use Management Console for Unix.

Note: Simply re-profiling a host can resolve issues caused when the host is out of sync with the server.

Auto Profile Issues

Troubleshooting Tips > Auto Profile Issues

The following topics may help you resolve some problems related to Auto Profiling.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy