PAM-CM-3455: No Password Authority Windows Proxy specified
Article ID: 132595
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
The addTargetApplication CLI command is not working correctly for the “windows” application type, which is used for Windows Proxy target applications. We are not able to set multiple values for attributes - Attribute.dnsServer and Attribute.agentId using a comma separated list as documented at https://docops.ca.com/ca-privileged-access-manager/3-2-4/en/implementing/protect-privileged-account-credentials/identify-target-applications-and-connectors/add-a-windows-proxy-connector/windows-proxy-target-connector-cli-configuration.
Using the Remote CLI on Windows, we get the following error:
>capam_command capam=<pamserver FQDN> adminUserID=super cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer=10.10.10.111,10.10.10.112 Attribute.agentId=1001,1002
Enter password:
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>5052</cr.statusCode><cr.statusDescription>PAM-CM-3455: No Password Authority Windows Proxy specified.</cr.statusDescription><cr.result></cr.result></CommandResult>
Using the Remote CLI on Windows, we get the following error:
>capam_command capam=<pamserver FQDN> adminUserID=super cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer=10.10.10.111,10.10.10.112 Attribute.agentId=1001,1002
Enter password:
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>5052</cr.statusCode><cr.statusDescription>PAM-CM-3455: No Password Authority Windows Proxy specified.</cr.statusDescription><cr.result></cr.result></CommandResult>
Environment
PAM 3.2.4, but may be observed at other releases as well
Cause
On Windows comma-separated lists that are not put in quotes can result in command argument parsing problems.
Resolution
On Windows (cmd.exe) enclose attribute values with comma-separated lists in quotes, like this:
>capam_command capam=<pamserver> adminUserID=super adminPassword=<password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer="10.10.10.111,10.10.10.112" Attribute.agentId="1001,1002"
This is not necessary when using the remote CLI on UNIX/Linux. The following command will work just fine on a UNIX or Linux host:
# ./capam_command -n <pamserver> -u super -p <password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-UNIX TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer=10.10.10.111,10.10.10.112 Attribute.agentId=1001,1002
If you are using Power Shell on Windows, you need to put arguments with comma-separated lists into variables similar to the following:
> $DNSserverArg='Attribute.dnsServer="10.10.10.111,10.10.10.112"'
> $PAMproxiesArg='Attribute.agentId="1001,1002"'
> .\capam_command capam=<pamserver> adminUserID=super adminPassword=<password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN-PS TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS $DNSserversArg $PAMproxiesArg
>capam_command capam=<pamserver> adminUserID=super adminPassword=<password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer="10.10.10.111,10.10.10.112" Attribute.agentId="1001,1002"
This is not necessary when using the remote CLI on UNIX/Linux. The following command will work just fine on a UNIX or Linux host:
# ./capam_command -n <pamserver> -u super -p <password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-UNIX TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS Attribute.dnsServer=10.10.10.111,10.10.10.112 Attribute.agentId=1001,1002
If you are using Power Shell on Windows, you need to put arguments with comma-separated lists into variables similar to the following:
> $DNSserverArg='Attribute.dnsServer="10.10.10.111,10.10.10.112"'
> $PAMproxiesArg='Attribute.agentId="1001,1002"'
> .\capam_command capam=<pamserver> adminUserID=super adminPassword=<password> cmdName=addTargetApplication TargetServer.ID=1006 TargetApplication.name=CLIpub-WIN-PS TargetApplication.type=windows Attribute.accountType=domain Attribute.domainName=ca.com Attribute.useDNS=specifiedDNS $DNSserversArg $PAMproxiesArg
Feedback
Yes
No
Powered by
