Description of Issue
When we log in to the host and su to root with the password from PAM, sewhoami shows the correct user and group membership.
Login using Tectia, not via PAM:
[[email protected]: /userstaff/username]
[[email protected]: /userstaff/username] su -
Password:
Welcome root. This is a development server. BU is cts
[[email protected]: /]
[[email protected]: /]
[[email protected]: /] sewhoami -a
username
ACEE Contents
User's Name : username
ACEE's Handle : 36
Group Connections Table:
Group Name Connection Mode
==================== =================================
usersec OS_group
Categories : <None>
Profile Group : <None>
Security Label : <None>
User's Audit Mode : Failure LoginSuccess LoginFailure
User's Security Level : 0
Source Terminal : 10.140.112.55
Process Count for ACEE : 6
User's Mode : OS_user
ACEE's Creation Time : Wed Apr 7 09:26:06 2021
However, when we log in from PAM:
Welcome root. This is a development server. BU is cts
[[email protected]: /] sewhoami -a
root
ACEE Contents
User's Name : domain\username
ACEE's Handle : 39
Group Connections Table:
<Empty>
Categories : <None>
Profile Group : <None>
Security Label : <None>
User's Audit Mode : Failure LoginSuccess LoginFailure Interactive
User's Security Level : 0
Source Terminal : 10.25.243.193
Process Count for ACEE : 3
User's Mode : OS_user
ACEE's Creation Time : Wed Apr 7 09:30:57 2021
Warning: User name differs in CA Privileged Access Manager Server Control and UNIX.
Release : 14.1
Component : PAMSC Endpoint
Release : 3.4.x and higher
Component : PRIVILEGED ACCESS MANAGEMENT
This problem can have multiple causes, but in several cases it was resolved with a hotfix from PAM development. The first step in resolving this issue is to ensure you are using the latest build of the PAMSC endpoint and the latest version of Symantec PAM.
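To check captured `sewhoami -a` output for the symptoms shown in the two sessions above (a differing ACEE user name, an empty Group Connections Table, the Warning line), the following added example parses that output. It is not code from the vendor or from this article; the function names and the `expected_user` parameter are assumptions, and the sample strings are trimmed copies of the output above.

```python
# Samples trimmed from the two sessions shown in this article.
DIRECT_LOGIN = """\
User's Name : username
Group Connections Table:
Group Name Connection Mode
==================== =================================
usersec OS_group
Categories : <None>
"""

VIA_PAM = """\
User's Name : domain\\username
Group Connections Table:
<Empty>
Categories : <None>
Warning: User name differs in CA Privileged Access Manager Server Control and UNIX.
"""

def parse_acee(text):
    """Return the ACEE user name, group names and Warning lines."""
    info = {"user": None, "groups": [], "warnings": []}
    in_groups = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Group Connections Table"):
            in_groups = True
            continue
        if in_groups and " : " not in line and not line.startswith("Warning:"):
            # Table rows: skip the header, the ==== ruler and the <Empty> marker.
            if line and line != "<Empty>" and not line.startswith(("=", "Group Name")):
                info["groups"].append(line.split()[0])
            continue
        in_groups = False  # a "Label : value" field ends the table
        if line.startswith("User's Name"):
            info["user"] = line.split(":", 1)[1].strip()
        elif line.startswith("Warning:"):
            info["warnings"].append(line)
    return info

def findings(text, expected_user):
    """List the symptoms from this article found in one `sewhoami -a` output."""
    acee = parse_acee(text)
    issues = []
    if acee["user"] != expected_user:
        issues.append(f"ACEE user {acee['user']!r} differs from {expected_user!r}")
    if not acee["groups"]:
        issues.append("group connections table is empty")
    return issues + acee["warnings"]
```

`findings(DIRECT_LOGIN, "username")` returns an empty list, while the PAM session yields all three symptoms.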