

How to Register a UNIX Host in a One-Way Trust Domain Environment

When you register the UNIX host in Active Directory, you use a user account with privileges to retrieve user and group details from Active Directory. If you register the UNIX host in a two-way trust domain environment, you can use a single user account to retrieve users and groups from every Active Directory domain.

In a one-way trust domain environment, the Active Directory account that you use to register a UNIX host cannot retrieve data from other Active Directory domains. In such an environment, you register the UNIX host with a regular user account from each Active Directory domain.

Further, you can register a UNIX host with an Active Directory shared account and use SAM to manage the account. The user account must have sufficient permissions to retrieve the user and group attributes from every Active Directory domain.

To register a UNIX host using a domain account, you use SAM integration. Integrating with SAM enables you to manage the registering user account, for example, to apply the domain security policy, change the account password automatically, and more.

The following diagram illustrates how to register a UNIX host in a one-way trust domain environment:

The diagram displays how to register a UNIX host in a one-way trust domain environment

Note: Dotted lines indicate optional steps.

Follow these steps:

  1. (Optional) To use a shared account to register the UNIX host, follow these steps:
    1. Create a Windows Agentless endpoint.

      You specify the connection details of the Active Directory domain that you use to register each UNIX host.

    2. Discover the registering shared account on the endpoint.

      You run the account discovery wizard on the Windows Agentless endpoint that you created.

    3. Define a password consumer.

      You specify the UNAB endpoint as an SDK password consumer to enable the endpoint to obtain the registering user account password.

  2. Install CA ControlMinder with SAM integration on each UNIX host that has UNAB installed.

    The SAM integration configures the local computer for Shared Accounts Management (SAM). Set the INSTALL_PUPM option to yes to install SAM on the endpoint. For more information about SAM, see the Enterprise Administration Guide.

  3. Verify that the UNAB installation completed successfully. Do the following:
    1. Locate the accommon.ini file. By default, the file is located in the following directory:
      /opt/CA/AccessControlShared
      
    2. Locate the Distribution_Server token under the communication section.
    3. Define the Distribution Server URL. For example:
      tcp://ds_dr.comp.com:7222
      

      Note: For more information about the accommon.ini file, see the Reference Guide.

    4. Use the sechkey utility to set the communication password.
    5. Open a selang command-prompt window and enter the following commands:
      er ACVAR unab value("/opt/CA/uxauth/bin/uxauthd")
      
      er ACVAR unab value+("/opt/CA/uxauth/bin/uxconsole")
      
  4. Do one of the following: