PIM(SAM) : SSH Device cannot be registered

Article ID: 113297

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

The customer cannot register a SAM endpoint as an SSH device.
  User Name: pim
  Operation Administrator: root
  Administrative Account: N/A
  Use Telnet: No
  Configuration file: None
If Operation Administrator is left blank, the device can be registered without error. SSH on the endpoint is configured to deny access by root, so the customer can log in via SSH as pim and then su to root.
In ssh.log:
2018-08-31 14:29:17,089 171327 [ApacheDS Worker-thread-79] (com.ca.sessame.conn.unix.SSHMethods:130) INFO - getResponse() loop #: 1 sReceived.length:50
2018-08-31 14:29:17,089 171327 [ApacheDS Worker-thread-79] (com.ca.sessame.conn.unix.SSHMethods:201) INFO - executeCommand() temp result :passwd nndop049 Permission denied
 

Environment

OS: Windows
Prod: CA Privileged Identity Manager r12.9 SP2 for SAM
 SAM Endpoint: Solaris 11.3 for SSH device with Japanese Environment
 

Resolution

I found that the prompt of each command is a Japanese message.
SAM expected an English message and waited.
So, it failed to create the Endpoint with an operational administrator.
It seems to be similar to the SAM troubleshooting item on this page:

SAM SSH Device Timeout:
https://docops.ca.com/ca-privileged-identity-manager/12-9-02/EN/troubleshoot/troubleshoot-sam/#TroubleshootSAM-SAMSSHDeviceTimeout

I asked him to set the LANG=C command in the other commands, oChangeOperationAdminPassword and oSubstituteUser, the same as in oChangePassword.
1. Log in to the ENTM Server.
2. Move to ACServerInstallDir/Connector Server/conf/override/sshdyn
3. Edit the commands in ssh_connector_conf.xml.
 3-1. Find <array name="oSubstituteUser">, <array name="oChangeOperationAdminPassword">, <array name="oChangePassword">
 3-2. Add the following item after the command entry:
    <item>
      <param name="sCommand" value="set LANG=C" />
      <param name="iWait" value="500" />
    </item>
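
A check for step 3, as an added example that is not part of the original article or the product: it parses the text of an ssh_connector_conf.xml and lists which of the three arrays still lack the LANG=C item. It assumes the arrays hold <item>/<param> children as in the snippet above; the sample XML, its <config> root and the "placeholder-..." commands are constructed.

```python
import xml.etree.ElementTree as ET

# Array names and the command value are taken from steps 3-1 and 3-2.
REQUIRED_ARRAYS = ("oSubstituteUser", "oChangeOperationAdminPassword", "oChangePassword")
LOCALE_COMMAND = "set LANG=C"


def has_locale_item(array):
    """True if the array holds an <item> whose sCommand param is the locale command."""
    for item in array.iter("item"):
        for param in item.findall("param"):
            value = (param.get("value") or "").strip()
            if param.get("name") == "sCommand" and value == LOCALE_COMMAND:
                return True
    return False


def arrays_missing_locale_item(xml_text):
    """Return the required array names that are absent or lack the LANG=C item."""
    root = ET.fromstring(xml_text)
    # Search the whole tree; the article does not show where the arrays are nested.
    by_name = {}
    for array in root.iter("array"):
        by_name.setdefault(array.get("name"), []).append(array)
    return [name for name in REQUIRED_ARRAYS
            if not any(has_locale_item(a) for a in by_name.get(name, []))]


# Constructed sample, not the shipped file: the <config> root and the
# "placeholder-..." commands are invented; oChangeOperationAdminPassword is
# deliberately left without the LANG=C item.
LOCALE_ITEM = ('<item><param name="sCommand" value="set LANG=C" />'
               '<param name="iWait" value="500" /></item>')
PLACEHOLDER = '<item><param name="sCommand" value="placeholder-{0}" /></item>'
SAMPLE = "<config>{0}{1}{2}</config>".format(
    '<array name="oSubstituteUser">' + PLACEHOLDER.format("su") + LOCALE_ITEM + "</array>",
    '<array name="oChangeOperationAdminPassword">' + PLACEHOLDER.format("passwd") + "</array>",
    '<array name="oChangePassword">' + PLACEHOLDER.format("passwd") + LOCALE_ITEM + "</array>",
)

if __name__ == "__main__":
    print("arrays still missing LANG=C:", arrays_missing_locale_item(SAMPLE))
```

To check a real override file, pass the text read from ssh_connector_conf.xml to arrays_missing_locale_item(); an empty list means all three arrays carry the item.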