Chat now with support
Chat with Support

Safeguard Authentication Services 6.1 - Administration Guide

Privileged Access Suite for UNIX Introducing One Identity Safeguard Authentication Services UNIX administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing UNIX hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts UNIX policies One Identity policies
Display specifiers Troubleshooting Glossary

Setting a new symbolic link

You can set a new symbolic link (a pointer to another file or directory) by performing the following steps.

To set a new symbolic link

  1. Start Group Policy Editor.

  2. Select UNIX Settings > Safeguard Authentication Services > Client Configuration in the scope view.

  3. Double click Symbolic Links.

    The Symbolic Links Properties dialog opens.

  4. Click Add.

    The Symbolic Link dialog opens.

  5. In the Existing File field, type the full UNIX path to the file or directory to link to.

  6. In the Symbolic Link field, type the full UNIX path where you want to create the link.

    NOTE: If the link target does not exist on the UNIX host, it does not create the symbolic link.

  7. Click OK.

Custom Service Configuration

The Custom Service Configuration policy lets you define services that will be set up by Group Policy agents.

The Custom Service Configuration policy lets the administrator define services with a list of files that will be uploaded to the SYSVOL, then downloaded on the client side. You can specify the target path, ownership, and permissions for each file. You can also specify two special scripts. The verification script is used for verifying that a configuration will work properly with the given service. The restart script restarts the service if the verification script was successful.

To configure a service, complete the following steps:

  1. Create the files you want to distribute through Safeguard Authentication Services. Ensure that the file is accessible from your Windows computer.

  2. Start the Group Policy Editor and navigate to UNIX Settings > Safeguard Authentication Services > Client Configuration.

  3. Select Custom Service Configuration.

  4. To create the new service, enter the service name into the text field, then click Add.

  5. Next to Files, click Add.

  6. In Target File Path, enter the full path for the target file in UNIX path format. The path must start with a /, for example /etc/hosts.

  7. In User Name, enter the name of the user that will own this file. If the user does not exist on the UNIX host, the default user will be root.

  8. In Group Name, enter the name of the group that will own this file. If the group does not exist on the UNIX host, the default group will be root (or system on AIX).

  9. Click Set User Rights to indicate that you want to explicitly specify the permissions for the user that owns the file.

  10. Click Set Group Rights option to indicate that you would like to explicitly specify the permissions for the group that owns the file.

  11. Click Set Other Rights option to indicate that you want to explicitly specify the permissions for everyone.

  12. Click Browse and select the file you created in Step 1.

  13. Select Copy File Permanently to permanently copy the file. By default, Safeguard Authentication Services removes copied files when the policy no longer applies. If the policy overwrote an existing file, it will be restored when the policy is no longer applied.

  14. Click OK.

  15. Repeat the previous steps to add all the files for the service.

  16. Click Verification to select the verification script file.

  17. Click Restart to select the restart script file.

  18. Click OK to save the service configuration.

After configuring the services, the Group Policy agent will download every file for each service. Then, for each service, it will run the verification script. If it returns with success, the files are copied and kept and the restart script is run. If the verification script fails, every file in that specific service is restored to their original version and the restart script will not run.

Syslog policy

You can configure which entries go into the UNIX syslog configuration file. Syslog entries are appended to the log and cannot be overridden. However, if there is a duplicate entry, it is only added once to /etc/syslog.conf.

Adding a syslog entry

This section describes how to add a syslog entry.

To add a syslog entry

  1. Start Group Policy Editor.

  2. Select UNIX Settings > Safeguard Authentication Services > Client Configuration in the scope view.

  3. Double click Syslog.

    The Syslog Configuration Properties dialog opens.

  4. Click Add.

    The Syslog Rule dialog opens.

  5. In the Action field, type the syslog action target; enter a file path, a user list, or a host name depending on the type of action you select.

    • Regular File: Enter the absolute UNIX file path to the syslog.conf file. The path must start with a "/".

    • Remote Host: Enter a host name to send the data remotely over to the syslog daemon running on the other machine.

    • User List: Enter a comma delimited list of users. When you select the User List option, it enables the Find button. Click Find to open the Active Directory Select Users dialog.

  6. Select the type of action: Regular File, Remote Host, or User List.

  7. In the Selector section:

    • Choose a facility.

      The Facility is the type of message you want to log.

    • Choose a priority.

      When you select a syslog Priority, it selects that priority plus all priorities listed below it.

      NOTE: To log to a specific priority only on a Linux platform, click Edit and add "=" before the priority name.

    • Click Insert to append these selections to the rule.

  8. Append additional facilities and priorities, as necessary.

  9. Click OK to return to the Syslog Configuration Properties dialog.

  10. Check the Remove local configuration option if you want to replace the syslog file with the new settings. If you leave this option deselected, the new settings are appended to the current syslog file.

    NOTE: If you select the Remove local configuration option, it backs up the old configuration file before it deletes it and applies the new policy.

  11. Click OK.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating