Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.2 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Upgrade the web console Upgrade Windows components Configure Active Directory Configure Unix agent components Upgrade client components manually Getting started with Safeguard Authentication Services
Getting acquainted with the Control Center Learning the basics
Troubleshooting

Testing the Active Directory user login

Now that you have Unix-enabled an Active Directory user, you can log in to a local Unix host using your Active Directory user name and password.

To test the Active Directory login

  1. From the Control Center, under Login to remote host, enter:
    • Host name: Tthe Unix host name.
    • User name: The Active Directory user name, such as ADuser.

    Click Login to log in to the Unix host with your Active Directory user account.

  2. Enter the password for the Active Directory user account.
  3. At the command line prompt, enter id to view the Unix account information.
  4. After a successful log in, verify that the user obtained a Kerberos ticket by entering: 
    /opt/quest/bin/vastool klist

    The vastool klist command lists the Kerberos tickets stored in a user's credentials cache. This proves the local user is using the Active Directory user credentials.

  5. Enter exit to close the command shell.

You just learned how to manage Active Directory users and groups from Management Console for Unix by Unix-enabling an Active Directory group and user account. You tested this out by logging into the Unix host with your Active Directory user name and password. Optionally, you can expand on this tutorial by creating and Unix enabling additional Active Directory users and groups and by testing different Active Directory settings such as account disabled and password expired.

Running reports

You can run various reports that capture key information about the Unix hosts you manage from the management console and the Active Directory domains joined to these hosts from the Reports view on the Reporting tab.

Note: The Active Directory reports are only available when you are logged on as an Active Directory account in the Manage Hosts role.

To run reports

  1. Ensure the hosts for which you want to create reports have been recently profiled.

    Reports only generate data gathered from the clients during a profile procedure. Profiling imports information about the host, including local users and groups.

    Note: You can configure the management console to profile hosts automatically. For more information, see Configuring automatic profiling.

  2. From the management console, click the Reporting tab.
  3. From the Reports view, expand the report group names to view the available reports, if necessary.
    • Host Reports

      Unix host information gathered during the profiling process

    • User Reports

      Local and Active Directory user information

    • Group Reports

      Local and Active Directory group information

    • Access & Privileges Reports

      User access information

    • License Usage Reports

      Product licensing information.

  4. Use one of the following methods to select a report:
    • Double-click a report name in the list (such as the Unix Host Profiles report).
    • Right-click a report name and select Run report.
    • Click the report icon next to a report.

    The selected report name opens a new tab on the Reports view that describes the report and provides some report parameters you can select or clear to add or exclude details on the report.

  5. Optionally clear parameters to exclude information from the report.
  6. To create a report, either:
    • Click Preview to see a sample of the report in a browser.
    • Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV (if available).

    Note: If the CSV report does not open, you may need to reset your internet options. See CSV or PDF Reports Do Not Open in the online help for details.

    By default, the management console creates reports in the application data directory:

    • On Windows: 
      %SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports
    • On Unix: 
      /var/opt/quest/mcu/reports

    Note: You may need to reconfigure your browser preferences to allow you to save the report in a specific folder.

    It launches a new browser or application page and displays the report in the selected format.

Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions in the Management Console for Unix Administration Guide.

Reports

The management console provides comprehensive reporting which includes reports that can help you plan your deployment, consolidate Unix identity, secure your hosts and troubleshoot your identity infrastructure. The following tables list the reports that are available in Management Console for Unix.

Note: Report availability depends on several factors:

  • User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. See Active Directory Configuration in the online help for details.
  • Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. See Console Roles and Permissions System Settings in the online help for details. For example, you must have an activated policy server to activate the sudo-related reports.

Host reports

The following reports provide Unix host information that is gathered during the profiling process.

Table 23: Host reports
Report Description
Safeguard Authentication Services Readiness

Provides a snapshot of the readiness of each host to join Active Directory. This report is best used for planning and monitoring migration projects. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage, and names of the hosts ready to join
  • Total number, percentage, and names of the hosts ready to join with advisories
  • Total number, percentage, and names of the hosts not ready to join
  • Total number of hosts not checked for AD readiness

Use the following report parameters to define details to include in the report.

  • Joined to AD
  • Ready to Join AD
  • Ready to Join AD with Warnings
  • Not Ready to Join AD
  • Not Checked for Readiness

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Privilege Manager Readiness

Provides a snapshot of the readiness of each host to join a policy group. The basic report includes the following information:

  • Total number of hosts
  • Total number, percentage, and names of the hosts ready to join
  • Total number, percentage, and names of the hosts not ready to join
  • Total number of hosts not checked for readiness

Use the following report parameters to define details to include in the report.

  • Joined to a policy group
  • Ready to join a policy group
  • Ready to join a policy group with warnings
  • Not ready to join a policy group
  • Not checked for readiness

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Sudo Policy role or the Audit Sudo Policy role.

Unix Computers in AD

Lists all Unix computers in Active Directory in the requested scope.

By default, this report is created using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Unix Host Profiles

Summarizes information gathered during the profiling process of each managed host. This report includes the following information:

  • Total number of hosts included in the report
  • Host Name, IP Address, OS, Hardware
  • Sudo version number

Use the following report parameters to define details to include for each host.

  • Safeguard Authentication Services Properties
  • Privilege Manager Properties
  • Local Users
  • Local Groups
  • Host SSH Keys
  • Installed One Identity Software

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating