Chat now with support
Chat with Support

Safeguard Authentication Services 4.2.3 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Authentication Services Upgrade the web console Upgrade Authentication Services Windows components Configure Active Directory for Authentication Services Configure Unix agent components Upgrade Authentication Services client components manually Getting started with Authentication Services Troubleshooting

Unix-enabling an Active Directory user

To Unix-enable an Active Directory user

  1. On the mangement console's Active Directory tab, open the Find box drop-down menu and choose Users.
  2. Click next to the Search by name box to search for all Active Directory users. Or, enter a portion of your ADuser logon name in the Search by name box and press Enter.
  3. Double-click ADuser, the Active Directory user name, to open its properties.
  4. On the Unix Account tab, select the Unix-enabled option.

    It populates the properties with default Unix attribute values.

  5. Make other modifications to these settings, if necessary, and click OK to Unix-enable the user.

    Note: There are additional settings that you can set using PowerShell which allows you to validate entries for the GECOS, Home Directory, and Login Shell attributes. For more information, see Use Authentication Services PowerShell.

    Once enabled for Unix, you can log on to the host with that Active Directory user's log on name and password.

Testing the Active Directory user login

Now that you have Unix-enabled an Active Directory user, you can log in to a local Unix host using your Active Directory user name and password.

To test the Active Directory login

  1. From the Control Center, under Login to remote host, enter:
    • Host name: Tthe Unix host name.
    • User name: The Active Directory user name, such as ADuser.

    Click Login to log in to the Unix host with your Active Directory user account.

  2. Enter the password for the Active Directory user account.
  3. At the command line prompt, enter id to view the Unix account information.
  4. After a successful log in, verify that the user obtained a Kerberos ticket by entering:
    /opt/quest/bin/vastool klist

    The vastool klist command lists the Kerberos tickets stored in a user's credentials cache. This proves the local user is using the Active Directory user credentials.

  5. Enter exit to close the command shell.

You just learned how to manage Active Directory users and groups from Management Console for Unix by Unix-enabling an Active Directory group and user account. You tested this out by logging into the Unix host with your Active Directory user name and password. Optionally, you can expand on this tutorial by creating and Unix enabling additional Active Directory users and groups and by testing different Active Directory settings such as account disabled and password expired.

Running reports

You can run various reports that capture key information about the Unix hosts you manage from the mangement console and the Active Directory domains joined to these hosts from the Reports view on the Reporting tab.

Note: The Active Directory reports are only available when you are logged on as an Active Directory account in the Manage Hosts role.

To run reports

  1. Ensure the hosts for which you want to create reports have been recently profiled.

    Reports only generate data gathered from the clients during a profile procedure. Profiling imports information about the host, including local users and groups.

    Note: You can configure the mangement console to profile hosts automatically. For more information, see Configuring automatic profiling.

  2. From the mangement console, click the Reporting tab.
  3. From the Reports view, expand the report group names to view the available reports, if necessary.
    • Host Reports

      Unix host information gathered during the profiling process

    • User Reports

      Local and Active Directory user information

    • Group Reports

      Local and Active Directory group information

    • Access & Privileges Reports

      User access information

    • License Usage Reports

      Product licensing information.

  4. Use one of the following methods to select a report:
    • Double-click a report name in the list (such as the Unix Host Profiles report).
    • Right-click a report name and select Run report.
    • Click the report icon next to a report.

    The selected report name opens a new tab on the Reports view that describes the report and provides some report parameters you can select or clear to add or exclude details on the report.

  5. Optionally clear parameters to exclude information from the report.
  6. To create a report, either:
    • Click Preview to see a sample of the report in a browser.
    • Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV (if available).

    Note: If the CSV report does not open, you may need to reset your internet options. See CSV or PDF Reports Do Not Open in the online help for details.

    By default, the mangement console creates reports in the application data directory:

    • On Windows:
      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports
    • On Unix:
      /var/opt/quest/mcu/reports

    Note: You may need to reconfigure your browser preferences to allow you to save the report in a specific folder.

    It launches a new browser or application page and displays the report in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions in the Management Console for Unix Administration Guide.

Reports

The mangement console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following tables list the reports that are available in Management Console for Unix.

Note: Report availability depends on several factors:

  • User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. See Active Directory Configuration in the online help for details.
  • Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. See Console Roles and Permissions System Settings in the online help for details. For example, you must have an activated policy server to activate the sudo-related reports.

Related Documents