Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Evaluation Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Installing and configuring Authentication Services Getting started with Authentication Services

Adding an Active Directory group account

Authentication Services provides additional tools to help you manage different aspects of migrating Unix hosts into an Active Directory environment. Links to these tools are available from Tools in the Control Center.

Note: This topic instructs you to set up an Active Directory group by the name of "UNIXusers" referred to by other examples in this guide.

To create a new group in Active Directory

  1. In the Control Center, click Tools on the left navigation pane.
  2. From the Tools window, click the Authentication Services Extensions for Active Directory Users and Computers link.

    The Active Directory Users and Computers Console opens.

    Note: Windows 7: You must have the Remote Server Administration Tools installed and enabled.

  3. Expand the domain folder and select the Users folder.
  4. Click the New Group icon button.

    The New Object - Group dialog opens.

  5. Enter UNIXusers in the Group name box and click OK.

Adding an Active Directory user account

Note: The following procedure instructs you to use ADUC (Active Directory Users and Computers) to set up an Active Directory user by the name of "ADuser" referred to by other examples in this guide.

To create an Active Directory user account

  1. In the Active Directory Users and Computers console, select the Users folder and click the New User icon button.
  2. On the New Object - User dialog, enter information to define a new user named ADuser and click Next.

    The New Object - User wizard guides you through the user setup process.

  3. When you enter a password, clear the User must change password at next logon option, before you click Next.
  4. Click Finish.
  5. Close Active Directory Users and Computers and return to the mangement console.

Changing the default Unix attributes

You can modify the Unix attributes that are generated by default when users are Unix-enabled. To change the Login Shell you must have rights to create and delete child objects in the Authentication Services application configuration in Active Directory.

To change the default Unix attributes

  1. Open the Control Center and click Preferences on the left navigation pane.
  2. Expand Global Unix Options.

    The window displays the current settings for Unix-enabling users, groups and the method used for creating unique IDs.

  3. Click Modify Global Unix Options on the right side of the window.

    The Modify Global Options dialog opens.

  4. Change the Login Shell to /bin/bash and click OK.

    The defaults are saved to Active Directory.

Note: Now, when you Unix-enable a user from Active Directory Users and Computers, PowerShell, or the Unix command line, the login shell defaults to /bin/bash. You can customize the other Unix defaults similarly.

Active Directory account administration

The topics that follow show you how to perform Active Directory account administration from Management Console for Unix for hosts that are joined to Active Directory.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating