Unix-enabling an Active Directory user
To Unix-enable an Active Directory user
- On the management console's Active Directory tab, open the Find box drop-down menu and choose Users.
- Click
next to the Search by name box to search for all Active Directory users. Or, enter a portion of your ADuser logon name in the Search by name box and press Enter.
- Double-click ADuser, the Active Directory user name, to open its properties.
- On the Unix Account tab, select the Unix-enabled option.
It populates the properties with default Unix attribute values.
- Make other modifications to these settings, if necessary, and click OK to Unix-enable the user.
Note: There are additional settings that you can set using PowerShell which allows you to validate entries for the GECOS, Home Directory, and Login Shell attributes. For more information, see Use Safeguard Authentication Services PowerShell.
Once enabled for Unix, you can log on to the host with that Active Directory user's log on name and password.
Testing the Active Directory user login
Now that you have Unix-enabled an Active Directory user, you can log in to a local Unix host using your Active Directory user name and password.
To test the Active Directory login
- From the Control Center, under Login to remote host, enter:
- Host name: Tthe Unix host name.
- User name: The Active Directory user name, such as ADuser.
Click Login to log in to the Unix host with your Active Directory user account.
- Enter the password for the Active Directory user account.
- At the command line prompt, enter id to view the Unix account information.
- After a successful log in, verify that the user obtained a Kerberos ticket by entering:
/opt/quest/bin/vastool klist
The vastool klist command lists the Kerberos tickets stored in a user's credentials cache. This proves the local user is using the Active Directory user credentials.
- Enter exit to close the command shell.
You just learned how to manage Active Directory users and groups from Management Console for Unix by Unix-enabling an Active Directory group and user account. You tested this out by logging into the Unix host with your Active Directory user name and password. Optionally, you can expand on this tutorial by creating and Unix enabling additional Active Directory users and groups and by testing different Active Directory settings such as account disabled and password expired.
Running reports
You can run various reports that capture key information about the Unix hosts you manage from the management console and the Active Directory domains joined to these hosts from the Reports view on the Reporting tab.
Note: The Active Directory reports are only available when you are logged on as an Active Directory account in the Manage Hosts role.
To run reports
- Ensure the hosts for which you want to create reports have been recently profiled.
Reports only generate data gathered from the clients during a profile procedure. Profiling imports information about the host, including local users and groups.
Note: You can configure the management console to profile hosts automatically. For more information, see Configuring automatic profiling.
- From the management console, click the Reporting tab.
- From the Reports view, expand the report group names to view the available reports, if necessary.
- Host Reports
Unix host information gathered during the profiling process
- User Reports
Local and Active Directory user information
- Group Reports
Local and Active Directory group information
- Access & Privileges Reports
User access information
- License Usage Reports
Product licensing information.
- Host Reports
- Use one of the following methods to select a report:
- Double-click a report name in the list (such as the Unix Host Profiles report).
- Right-click a report name and select Run report.
- Click the report icon
next to a report.
The selected report name opens a new tab on the Reports view that describes the report and provides some report parameters you can select or clear to add or exclude details on the report.
- Optionally clear parameters to exclude information from the report.
- To create a report, either:
- Click Preview to see a sample of the report in a browser.
- Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV (if available).
Note: If the CSV report does not open, you may need to reset your internet options. See CSV or PDF Reports Do Not Open in the online help for details.
By default, the management console creates reports in the application data directory:
- On Windows:
%SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports
- On Unix:
/var/opt/quest/mcu/reports
Note: You may need to reconfigure your browser preferences to allow you to save the report in a specific folder.
It launches a new browser or application page and displays the report in the selected format.
Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions in the Management Console for Unix Administration Guide.
Reports
The management console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following tables list the reports that are available in Management Console for Unix.
Note: Report availability depends on several factors:
- User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. See Active Directory Configuration in the online help for details.
- Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. See Console Roles and Permissions System Settings in the online help for details. For example, you must have an activated policy server to activate the sudo-related reports.