立即与支持人员聊天
与支持团队交流

Safeguard Authentication Services 5.0.2 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Upgrade the web console Upgrade Windows components Configure Active Directory Configure Unix agent components Upgrade client components manually Getting started with Safeguard Authentication Services
Getting acquainted with the Control Center Learning the basics
Troubleshooting

Management Console for Unix Configuration

Management Console for Unix allows you to centrally manage Safeguard Authentication Services agents running on Unix, Linux, and macOS systems.

With the management console you can:

  • Remotely deploy the Safeguard Authentication Services agent software.
  • Manage local user and group accounts.
  • Configure account mappings from local users to Active Directory accounts.
  • Report on a variety of security and host access related information.

You can install the management console on supported Unix, Linux, and macOS platforms. Once installed, you can access it from a browser using default port of 9443 or from the Control Center.

You can run the One IdentityManagement Console for Unixmanagement console within the Control Center or you can run it separately in a supported web browser. The management console is a separate install on Windows, Unix, Linux, or macOS that you can launch from the ISO.

Typically, you install one management console per environment to avoid redundancy. One Identity does not advise managing a Unix host by more than one management console in order to avoid redundancy and inconsistencies in stored information. If you manage the same Unix host by more than one management console, you should always re-profile that host to minimize inconsistencies that may occur between instances of the management consoles.

Install instance of Management Console for Unix

You must install an instance of Management Console for Unix in your environment in order to access the Management Console. The installation can be accessed from the Safeguard Authentication Services distribution media:

  1. Double click autorun.exe.
  2. Select Setup | Management Console for Unix.

Access the MCU configuration from the Control Center

From the Control Center, select Preferences then Management Console for Unix Configuration. The configuration for the Management Console for Unix displays. If the Management Console cannot be located, you will see a message like: The Management Console could not be located. Specify a URL where Management Console for Unix is running. The URL can be specified on this page.

Specify the following:

  • Protocol: Enter the SSL/TLS protocol, TCP or UPD. For details, see Network port requirements.
  • Hostname: Enter the host name, for example localhost.
  • Port: The port for the Management Console installation. The default SSL port number is 9443. For details, see Network port requirements.
  • Path: Enter the path. On Unix, the install location is /opt/quest/mcu and you cannot specify an alternate path.
  • URL: Enter the https URL, for example https://<Hostname or IP address>:<port>. Management Console for Unix requires that all connections to the browser are secured with the SSL/TLS protocol. Therefore, you must use the https URL. A http protocol may result in unexpected behavior.

Click Apply.

For more information

For details, go to these sections of this documentation:

Also see the One Identity Management Console for Unix - Administration Guide available on the Safeguard for Authentication Services Technical Documentation page, along with the latest Release Notes.

Learning the basics

The topics in this section help you learn how to do some basic system administration tasks using the Control Center and Management Console for Unix.

Note: The exercises in this section assume that you have successfully installed Safeguard Authentication Services and Management Console for Unix and have added a host to the console and joined it to Active Directory. For more information, see Prepare Unix hosts.

This section shows you how to create the following test user and group accounts used in various examples:

  • A local group name called localgroup
  • A local user object called localuser
  • An Active Directory group object called UNIXusers
  • An Active Directory user object called ADuser

One Identity recommends that you work through the topics in this section in order as a self-directed "test drive" of some of the key product features. You will learn how easy it is to manage your users and groups from the management console.

Adding a local group

You can use the management console to remotely add a local group to the host.

Note: This topic instructs you to set up a local group by the name of "localgroup" referred to by other examples in this guide.

To add a local group to the host

  1. From the Management Console for Unix, open the Host | All Hosts view.
  2. From the All Hosts view, double-click a host name to open its properties.
  3. Select the Groups tab and click Add Group.
  4. In the Add New Group dialog, enter localgroup as a local group name in the Group Name box and click Add Group.
  5. In the Log on to Host dialog, enter your credentials and click OK.

    Note: This task requires elevated credentials. Credential information is entered by default from the cache.

    The new local group account is added to the system and management console.

Adding a local user account

Note: This topic instructs you to set up a local user by the name of "localuser" referred to by other examples in this guide.

To add a local user account

  1. From the Management Console for Unix, open the Host | All Hosts view.
  2. From the All Hosts view, double-click a host name to open its properties.
  3. Select the Users tab from the host properties and click Add User.
  4. In the Add New User dialog:
    1. Enter localuser as a new local user name in the Name box.
    2. Click Select Group browse button next to the GID box, to find and select the local group account you set up in Adding a local group.

      You can also the navigation buttons at the bottom of the list to find and select a group.

    3. Click the Select Shell browse button to find and select a local login shell.
    4. Enter and re-enter a password of your choice and click Add User to add this new local user.
  5. In the Log on to Host dialog, enter your credentials to log in to the host and click OK.

    Note: This task requires elevated credentials. The management console enters this information by default from the cache.

    The new local user account is added to the system and management console.

At this point the new local user is valid for local authentication with the password you just set.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级