A likely cause for this may be that your PAM SC installation is configured not to recognize OS users. There is a setting in seos.ini,
osuser_enabled, whereby if set to no the OS users will not be recognized by PAM SC
If this is so, when you log in into the system as one of the users that should be monitored by being member of the corresponding group (e.g
ssh [email protected]) and you run
sewhoami -a as that user, you will see that the user is listed as
_undefined, and the
User type as logical.
KBL cannot audit the _undefined user as well as the logical user type.
You need to
- Stop PAM SC (secons -sk)
- Edit seos.ini (usually under /opt/CA/PAMSC), look for the osuser_enabled setting and set it to yes
- Restart PAM SC (seload)