Can I force the user validation against the local windows security instead of the Active Directory one?

book

Article ID: 130042

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

Sometimes, when logging in to a Unix endpoint using the Unix Authorization Broker (UnAB), we may need to validate the user against the local windows security instead of using the Active Directory one.

Can I force the user validation against the local security instead of the Active Directory one?

Environment

PAM Server Control 14.0 and 14.1  SP1 UnAB (Unix Authorization Broker)

Resolution

Use the command opt/CA/uxauth/bin/uxconsole -map <username> -local -force -v

-force
Specifies to force user mapping and overwrite existing mapping or migration status or delete user mapping

-local
Specifies to set the user account as a local exception. If you specify a user as local exception, UNIX Authentication Broker does not manage the user account, although an identical user account may exist in the Active Directory.

Additional Information

See also: uxconsole -map Manage Users Mapping