If you installed Management Console for Unix on a Unix or Mac computer that has Authentication Services installed and is joined to an Active Directory domain, and you encountered the following error message when running the post-installation configuration of the management console: 'Can't find domain controller for <domain>', verify your installation configuration.
To verify the installation configuration on a Mac
Note: If the computer is not joined to a domain, you could have configured the management console for any domain reachable by DNS.
/opt/quest/bin/vastool -u host/ -k <path_to_keytab> info id
Note: Typically, the host.keytab file is located at: /etc/opt/quest/vas/host.keytab.
Kerberos requires that the Management Console for Unix server and Active Directory domain controller clocks are within five minutes of each other.
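Added example (not from the One Identity documentation): a Python check of the five-minute Kerberos clock tolerance described above, reporting how far and in which direction the local clock is off. It assumes you have already obtained the domain controller's time as an LDAP GeneralizedTime string, such as the currentTime attribute of the Active Directory rootDSE; the function names and sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Kerberos tolerance stated above: five minutes.
MAX_SKEW = timedelta(minutes=5)


def parse_generalized_time(value: str) -> datetime:
    """Parse an LDAP GeneralizedTime string in UTC, e.g. '20230914120000.0Z'."""
    value = value.strip()
    if not value.endswith("Z"):
        raise ValueError(f"expected a UTC (Z-suffixed) timestamp, got {value!r}")
    whole = value[:-1].split(".", 1)[0]  # drop fractional seconds if present
    return datetime.strptime(whole, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def clock_skew(dc_time: str, local_now: datetime) -> timedelta:
    """Signed skew: positive means the local clock is ahead of the DC."""
    if local_now.tzinfo is None:
        # A naive local time would silently hide a wrong time zone setting.
        raise ValueError("local_now must be timezone-aware")
    return local_now.astimezone(timezone.utc) - parse_generalized_time(dc_time)


def check_skew(dc_time: str, local_now: datetime) -> tuple[bool, str]:
    """Return (within_tolerance, human-readable explanation)."""
    skew = clock_skew(dc_time, local_now)
    ok = abs(skew) <= MAX_SKEW
    direction = "ahead of" if skew >= timedelta(0) else "behind"
    secs = int(abs(skew).total_seconds())
    msg = f"local clock is {secs}s {direction} the domain controller"
    return ok, msg + ("" if ok else " (outside the five-minute Kerberos tolerance)")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real domain controller.
    dc = "20230914120000.0Z"
    for local in ("2023-09-14T12:03:10+00:00", "2023-09-14T07:07:30-05:00"):
        print(check_skew(dc, datetime.fromisoformat(local)))
```

The second sample shows why the comparison is done in UTC: the wall-clock time looks hours off, but the real skew is seven and a half minutes.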
Management Console for Unix integrates with Privilege Manager, including the ability to centrally manage policy. The following topics may help you resolve some of the common problems you might encounter.
When you join a remote Sudo Plugin host to a policy group, you are required to enter a password in the Join password box. The Join password is the password for the pmpolicy user that was set when the qpm-server was configured. (See Configure the Primary Policy Server for details.)
If the Join operation does not recognize the pmpolicy user password, you will receive an error message with the following snippet:
Enter password for pmpolicy@<host>:
[FAIL]
- Failed to copy file using ssh.
- Error: Failed to add the host to the list of known hosts
(/var/opt/quest/qpm4u/pmpolicy/.ssh/known_hosts).
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
** Failed to setup the required ssh access.
** The pmpolicy password is required to copy a file to the primary
** policy server.
** To complete this configuration, please rerun this command and
** provide the correct password.
Run the Join operation again, entering a correct password.
If you run the Check Client for Policy Readiness with no errors and the console indicates that the host is "Ready to join" a policy group, yet the Join to Policy Group option is not available, this topic will help you troubleshoot the issue.
To join a host to a policy group, the host must meet all of the following conditions:
Once you meet these conditions, you can run the Join to Policy Group option from the Prepare panel of the All Hosts view (see Join the Host to a Policy Group for details).
© 2023 One Identity LLC. ALL RIGHTS RESERVED.