Release NotesKnown IssuesInstallation Known Issues › PUPM Installation Known Issues

Previous Topic: UNAB Endpoint Installation Known Issues

Next Topic: Server Component Installation Known Issues

PUPM Installation Known Issues

This section describes installation known issues for PUPM.

"No Such Method" or "Failed to Reset Password" Error Message for Access Control for PUPM Endpoint Types

Valid on Linux

When you install the Enterprise Management Server on a Linux computer, you receive the following error message when you define Access Control for PUPM endpoints: "No Such Method".

If you specify that CA Access Control Enterprise Management resets a privileged account password on check in, when a user checks in a privileged account on an Access Control for PUPM endpoint they receive the following error message: "Failed to Reset Password".

Follow these steps:

  1. Stop the Java Connector Server. Do the following:
    1. Navigate to the following directory, where ACServerInstallDir refers to the directory where the Enterprise Management Server is installed: 
      ACServerInstallDir/Connector_Server/bin
    2. Run the following command: 
      ./im_jcs stop

      The Java Connector Server stops.

  2. Open the im_jcs script for editing.
  3. Locate and remove the following line from the script: 
    PREJAR="$FULLBASEPATH/bin/jcs-bootstrap.jar:$FULLBASEPATH/
conf:$FULLBASEPATH/lib/jcs.jar:"`echo $FULLBASEPATH/
lib/apacheds-server-main-*-app.jar`
  4. Copy the following line and paste it into the script: 
    PREJAR="$FULLBASEPATH/bin/jcs-bootstrap.jar:$FULLBASEPATH/
conf:$FULLBASEPATH/lib/jcs.jar:$FULLBASEPATH/
lib/nlog4j__V1.2.25.jar:"`echo $FULLBASEPATH/lib/apacheds-server-main-*-app.jar`

    Important! Delete the carriage returns in the line after you paste it into the script.

  5. Save the file.
  6. Start the Java Connector Server. 
    ./im_jcs start

    The Java Connector Server starts. You can now configure the Access Control for PUPM endpoint type.

Cannot Create Privileged Accounts on Solaris 9

Valid on Solaris 9

You cannot create privileged accounts on Solaris 9 because the password change command is different than the one used by PUPM. To work around this problem, do the following:

  1. On the Enterprise Management Server, navigate to the following directory, where ACServerInstallDir indicates the directory where you installed the Enterprise Management Server: 
    ACServerInstallDir/Connector Server/conf/override/sshdyn
  2. Locate the file ssh_connector_conf.xml and save a copy of the file with another name.
  3. Open the file you copied and locate the following entry: 
    <param name="sCommand" value="passwd [%%user%%]" />
  4. Modify the passwd value to the following: 
    <param name="sCommand" value="passwd -r files [%%user%%]" />
  5. Save and close the file.
  6. Create the endpoint type in CA Access Control Enterprise Management and specify the name of the configuration file you modified.
PUPM SSH Device Cannot Set Password If UNAB Is Installed on the Endpoint

Valid on Solaris

If UNAB is installed on a CA Access Control for UNIX endpoint that is configured as a PUPM SSH device, PUPM cannot set privileged account passwords on that endpoint. The reason is that PUPM runs the passwd command without specifying an argument.

To work around this issue

  1. Create an ssh.xml file using the ssh_connector_conf.xml file. By default, this file is located in the following directory: 
    \AccessControlServerDir\Connector Server\conf\override\sshdyn\
  2. Locate the <param name="sCommand" value="passwd [%%user%%]" /> tag.
  3. Add the value "-r files" to the "sCommand" parameter. For example: 
    <param name="sCommand" value="passwd -r files [%%user%%]" />
  4. Save and close the file.

Important! Verify that you create an SSH device endpoint in CA Access Control Enterprise Management and specify the file you created in the Configuration File field.