ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

PAM group not found -- User name differs in CA Privileged Access Manager Server Control and UNIX.

book

Article ID: 225349

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Description of Issue
 
When we login to the host and su to root with the password from PAM.  sewhoami   we can see the correct user and  group membership.

Login using tectia not via PAM
[[email protected]: /userstaff/username] 
[[email protected]: /userstaff/username] su -
Password: 

Welcome root. This is a development server. BU is cts

[[email protected]: /] 
[[email protected]: /] 
[[email protected]: /] sewhoami -a
username
ACEE Contents
  User's Name             : username
  ACEE's Handle           : 36
  Group Connections Table:
    Group Name              Connection Mode
            ====================    =================================
    usersec                  OS_group 
Categories              : <None>
Profile Group           : <None>
Security Label          : <None>
User's Audit Mode       : Failure LoginSuccess LoginFailure 
User's Security Level   : 0
Source Terminal         : 10.140.112.55
Process Count for ACEE  : 6
User's Mode             : OS_user 
ACEE's Creation Time    : Wed Apr  7 09:26:06 2021

 


How ever when we login from PAM. 

Welcome root. This is a development server. BU is cts

[[email protected]: /] sewhoami -a
root
ACEE Contents
  User's Name             : domain\username
  ACEE's Handle           : 39
  Group Connections Table:
<Empty>
Categories              : <None>
Profile Group           : <None>
Security Label          : <None>
User's Audit Mode       : Failure LoginSuccess LoginFailure Interactive
User's Security Level   : 0
Source Terminal         : 10.25.243.193
Process Count for ACEE  : 3
User's Mode             : OS_user 
ACEE's Creation Time    : Wed Apr  7 09:30:57 2021

Warning: User name differs in CA Privileged Access Manager Server Control and UNIX.

 

Environment

Release : 14.1

Component : PAMSC Endpoint

Release : 3.4.x and hisgher

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

This problem can be seen for multiple possible reasons but in several cases this was resolved with a hotfix from PAM development. The first step to resolving this issue is to ensure you are using the latest build of the PAMSC endpoint and the latest version of Symantec PAM.