Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

How To Configure PAS Automatic Password Reconciliation for Local Accounts?

Privilege Analytics Service ,  

26 March,20 at 10:05 PM

Question: How To Configure PAS Automatic Password Reconciliation for Local Accounts?

Answer

1. Go to Resources -> Resources Profiles -> Add Profile 
        User-added image
Note: Scripting option is based on your scripting preference, attached to this KB is a example of such a  script. For more details about using a custom script, please check our product documentation site https://docs.centrify.com/Content/Infrastructure/resources-add/writing-custom-script.htm.  Please be aware that custom scripts are not supported by  Centrfiy Support.

2. Go to System -> Add System and make sure to point the System Type to a resource profile that was created previously.
       User-added image

3. A local administrative account is required to be set in the Unix system

         User-added image

4. It is required to  enable automatic maintenance  on the Unix system in PAS.
         User-added image

5. Run a report to make sure the local account is being managed by PAS (optional)
      Go to Reports and create a custom report that checks if local account is being managed successfully.
      Below is the sql query that can be used to create this custom report.
   SELECT
     VaultAccount.User,
     VaultAccount.Status,
     VaultAccount.IsManaged,
     VaultAccount.LastChange,
     VaultAccount.MissingPassword,
     VaultAccount.NeedsPasswordReset,
     VaultAccount.PasswordResetLastError,
     VaultAccount.PasswordResetRetryCount
   FROM
     VaultAccount

       User-added image

6. Test the login with a local user for that Unix system.
       User-added image
7. Set the local root account as an Admin Account in case the password reconciliation  goes out of sync for the local accounts
      User-added image 
      In activity, it will show the confirmation message that root account is not set up as Admin Account
      User-added image

     Base on preference, if you decide to switch to a different local account as Admin Account, this can be done by selecting Clear as Admin Account and Set As Admin Account with 
     a different local account. 
     User-added image
     
Below are the operating systems and shells that are supported right now.

Operation system:

  • Linux
  • HPUX
  • AIX
  • Solaris
Shells:
  • bash
  • sh
  • csh
  • tcsh
  • zsh
Attachments:
script-dev3.js

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleCentrify 20.1 Release Notes articleCentrify 20.3 Release Notes articleCentrify 19.6 Release Notes articleKB-6041: How to show current license type in use by adclient articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin?