
Safeguard Authentication Services 4.2.3 - Upgrade Guide


Logging Options

The Logging Options section allows you to enable logging for all Authentication Services Windows components. This setting only applies to the local computer. Logging can be helpful when trying to troubleshoot a particular problem. Because logging causes components to run slower and use more disk space, you should set the Log Level to Disabled when you are finished troubleshooting.

Enabling debug logging on Windows

To enable debug logging for all Authentication Services Windows components

  1. Open Control Center and click Preferences on the left navigation pane.
  2. Expand the Logging Options section.
  3. Open the Log level drop-down menu and set the log level to Debug.

    Debug generates the most log output. Higher levels generate less output. You can set the Log level to Disabled to disable logging.

  4. Click to specify a folder location where you want to write the log files.

    Authentication Services Windows components log information into the specified log folder the next time they are loaded. Each component logs to a text file named after the DLL or EXE that generates the log message.

Custom Unix Attributes

The Unix schema attributes are fully customizable in Authentication Services. The Custom Unix Attributes section allows you to see which LDAP attributes are mapped to Unix attributes. You can modify this mapping to enable Authentication Services to work with any schema configuration. To customize the mapping, you select a schema template or specify your own custom attributes. A schema template is a pre-defined set of common mappings which adhere to common schema extensions for storing Unix data in Active Directory. Authentication Services supports the following schema templates if the required schema is installed:

Table 16: Unix schema attributes

| Schema Template | Description |
| --- | --- |
| Schemaless | A template that encodes Unix attribute data in an existing multi-valued attribute. |
| Windows R2 | A template that uses attributes from the Windows 2003 R2 schema extension. |
| Services for Unix 2.0 | A template that uses attributes from the SFU 2.0 schema extension. |
| Services for Unix 3.0 | A template that uses attributes from the SFU 3.0 schema extension. |

BEST PRACTICE: Use a schema designed for storing Unix data in Active Directory whenever possible. Schemas designed for storing Unix data in Active Directory include: Windows 2003 R2, SFU 2, and SFU 3. Only use "schemaless" or custom mappings if it is impossible to make schema extensions in your environment.

NOTE: If you are running Authentication Services without an application configuration in your forest and your domain supports Windows 2003 R2, you can enable Authentication Services to use the Windows 2003 R2 schema. However, note that some functionality provided by the Authentication Services application configuration will be unavailable. For more information, see Configure Windows 2003 R2 Schema in the management console online help.

Active Directory schema extensions

Authentication Services stores Unix identity and login information in Active Directory. One Identity designed Authentication Services to provide support for the following standard Active Directory schema extensions.

Table 17: Active Directory schema extensions

| Schema extension | Description |
| --- | --- |
| Windows 2003 R2 Schema | This schema extension is provided by Microsoft and adds support for the PosixAccount auxiliary class, used to store Unix attributes on user and group objects. |
| Services for Unix 2.0 | Microsoft provides this schema extension with the Services for Unix 2.0 set of tools. It adds custom attributes to user and group objects, used to store Unix account information. |
| Services for Unix 3.0 | Microsoft provides this schema extension with the Services for Unix 3.0 set of tools. It adds custom attributes to user and group objects, used to store Unix account information. |

You can customize the Authentication Services schema setup to work with any schema configuration. No schema extensions are necessary with the new "schemaless" storage feature. When you configure Authentication Services for the first time, it attempts to auto-detect the best schema configuration for your environment. The schema configuration is a global application setting that applies to all Authentication Services management tools and Unix agents. You can change the detected settings at any time using Control Center.
