PIM(SAM) : SSH Device cannot be registered
search cancel

PIM(SAM) : SSH Device cannot be registered


Article ID: 113297


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


Customer cannot register SAM endpoint as SSH device.
  User Name: pim 
  Operation Administrator: root
  Administrative Account: N/A
  use Telnet: No
  Configuration flle: None.
If Operation Administrator is blank, it can register without error. SSH on Endpoint is configured denied access by root. And then, customer can login via SSH by pim and su to root.
In ssh.log
2018-08-31 14:29:17,089 171327 [ApacheDS Worker-thread-79] (com.ca.sessame.conn.unix.SSHMethods:130) INFO - getResponse() loop #: 1 sReceived.length:50
2018-08-31 14:29:17,089 171327 [ApacheDS Worker-thread-79] (com.ca.sessame.conn.unix.SSHMethods:201) INFO - executeCommand() temp result :passwd nndop049 Permission denied


OS: Windows
Prod: CA Privileged Identity Manager r12.9 SP2 for SAM
 SAM Endpoint: Solaris 11.3 for SSH device with Japanese Environment


I found prompt of each command is Japanese Message.
SAM expected English message and waited.
So, it failed creating Endpoint with operational administrator.
It seems to be similar at Trouble Shooting on SAM as this page:

SAM SSH Device Timeout:

I ask him set LANG=C command in another command, oChangeOperationAdminPassword and oSubstituteUser, as same as  oChangePassword.
1. login ENTM Server.
2. Move to ACServerInstallDir/Connector Server/conf/override/sshdyn
3. Edit for command at ssh_connector_conf.xml.
 3-1.  find <array name="oSubstituteUser">, <array name="oChangeOperationAdminPassword">, <array name="oChangePassword">
 3-2. add following item after the command entry: 
      <param name="sCommand" value="set LANG=C" /> 
      <param name="iWait" value="500" />