Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.2 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Upgrade the web console Upgrade Windows components Configure Active Directory Configure Unix agent components Upgrade client components manually Getting started with Safeguard Authentication Services
Getting acquainted with the Control Center Learning the basics
Troubleshooting

Enabling local user for AD authentication

This feature, also known as user mapping, allows you to associate an Active Directory user account with a local Unix user. Allowing a local user to log in to a Unix host using Active Directory credentials enables that user to take advantage of the benefits of Active Directory security and access control.

To enable a local user for Active Directory authentication

  1. From the management console, open the Host | All Hosts view.
  2. From the All Hosts view, double-click a host to open its properties.
  3. Select the Users tab and double-click the localuser account to open its properties.

    Note: To set up this local user account, see Adding a local user account.

  4. In the AD Logon tab, select the Require an AD Password to logon to Host option, and click Select.
  5. In the Select AD User dialog, click the Search button to populate the list of Active Directory users, select the ADuser account, and click OK.

    Note: To set up this Active Directory user, see Adding an Active Directory user account.

  6. On the localuser's properties, click OK.
  7. In the Log on to Host dialog, verify your credentials to log in to the host and click OK.

    You have now mapped a local user to an Active Directory user and the management console indicates that the local user account requires an Active Directory password to log onto the Host in the AD User column.

You can also map multiple Unix users to use a single Active Directory account using the Require AD Logon pane on the All Local Users tab.

To assign (or "map") a Unix user to an Active Directory user

  1. From the All Local Users tab, select one or more local Unix users.
  2. In the Require AD Logon pane, click the Search button to populate the list of Active Directory users.

    (Click the Directory button to search in a specific folder.)

  3. Select an Active Directory user and click the Require AD Logon to Host button at the bottom of the Require AD Logon pane.
  4. In the Log on to Host dialog, verify your credentials to log in to the host and click OK.

    Note: This task requires elevated credentials.

The Active Directory user assigned to the selected local Unix users displays in the AD User column of the All Local Users tab.

Testing the mapped user login

Once you have mapped a local user to an Active Directory user, you can log in to the local Unix host using your local user name and the Active Directory password of the Active Directory user to whom you are mapped.

To test the mapped user login

  1. From the Control Center, under Login to remote host, enter:
    • Home name: The Unix host name.
    • User name: The local user name, localuser.

    Click Login to log in to the Unix host with your local user account.

  2. If the PuTTY Security Alert dialog opens, click Yes to accept the new key.
  3. Enter the password for ADuser, the Active Directory user account you mapped to localuser, when you selected the Require an AD Password to logon to Host option on the user's properties.
  4. At the command line prompt, enter id to view the Unix account information.
  5. Enter /opt/quest/bin/vastool klist to see the credentials of the Active Directory user account.
  6. Enter exit to close the command shell.

You just learned how to manage local users and groups from Management Console for Unix by mapping a local user account to an Active Directory user account. You tested this by logging into the Unix host with your local user name and the password for the Active Directory user account to whom you are mapped.

Unix-enabling an Active Directory group

To Unix-enable an Active Directory group

  1. On the management console's Active Directory tab, open the Find box drop-down menu and choose Groups.
  2. Enter a group name, such as UNIX, in the Search by name box and press Enter.
  3. Double-click the group name, such as UNIXusers, to open its properties.

    Note: To set up this Active Directory user account, see Adding an Active Directory group account.

  4. On the Unix Account tab, select the Unix-enabled option and click OK.

Unix-enabling an Active Directory user

To Unix-enable an Active Directory user

  1. On the management console's Active Directory tab, open the Find box drop-down menu and choose Users.
  2. Click next to the Search by name box to search for all Active Directory users. Or, enter a portion of your ADuser logon name in the Search by name box and press Enter.
  3. Double-click ADuser, the Active Directory user name, to open its properties.
  4. On the Unix Account tab, select the Unix-enabled option.

    It populates the properties with default Unix attribute values.

  5. Make other modifications to these settings, if necessary, and click OK to Unix-enable the user.

    Note: There are additional settings that you can set using PowerShell which allows you to validate entries for the GECOS, Home Directory, and Login Shell attributes. For more information, see Use Safeguard Authentication Services PowerShell.

    Once enabled for Unix, you can log on to the host with that Active Directory user's log on name and password.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating