How To Configure Terminal Rules For Users/Groups

Article ID: 28754

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)

Issue/Introduction

Users are often unable to 'host' or log in to a certain TERMINAL record, as in the following session:

[User1@CM_Testbox_01~]$ selang

CA ControlMinder selang v12.80.0.1432 - CA ControlMinder command line interpreter

Copyright (c) 2013 CA. All rights reserved.

AC>host CM_Testbox_02

ERROR: Initialization failed, EXITING!

(CM_Testbox_02)

ERROR: Login procedure failed

ERROR: You are not allowed to administer this site from terminal CM_Testbox_01.

Environment

Privileged Identity Manager 12.8 SP1
PAM Server Control 14.0, 14.1

Cause

This is because the user, User1, doesn't have the appropriate permissions to access the TERMINAL record on CM_Testbox_02. A common assumption is that the record must be created on the machine we are trying to log in from, which in this case would be CM_Testbox_01. However, that is incorrect. We need to create a TERMINAL resource on the remote host we are trying to connect to, and then an authorization resource to allow the appropriate user(s) and/or group(s) to log in.

Resolution

So, we go to the endpoint we're having trouble connecting to, CM_Testbox_02.

[User1@CM_Testbox_02~]$ selang

CA ControlMinder selang v12.80.0.1432 - CA ControlMinder command line interpreter

Copyright (c) 2013 CA. All rights reserved.

AC> er TERMINAL CM_Testbox_01 defacc(r) owner(nobody)

AC> auth TERMINAL CM_Testbox_01 uid(User1) access(all)

Once these TERMINAL records have been created successfully, the resource is available immediately to the specified user(s) and/or group(s).
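
The placement rule from the Cause section, as an added example that is not part of the original article or of CA's tooling: a Python helper that turns a list of grants into the selang commands to run on each target endpoint. It goes beyond the article's single user by also emitting group rules with gid(...); the group name SecAdmins and the name check are assumptions of this example.

```python
import re
from collections import defaultdict

# Conservative name check (an assumption of this example, not a selang rule):
# rejects spaces, parentheses and quotes so a name cannot alter the command.
_NAME = re.compile(r"[A-Za-z0-9_.-]+")

def _checked(name):
    if not _NAME.fullmatch(name):
        raise ValueError(f"unsafe name for a selang command: {name!r}")
    return name

def terminal_rules(grants):
    """Map each target endpoint to the selang commands to run on it.

    grants: iterable of (source_terminal, target_endpoint, kind, principal, access),
    where kind is "uid" (user) or "gid" (group).
    """
    plan = defaultdict(list)
    defined = set()
    for source, target, kind, principal, access in grants:
        if kind not in ("uid", "gid"):
            raise ValueError(f"kind must be uid or gid, got {kind!r}")
        source, target = _checked(source), _checked(target)
        # The TERMINAL record names the *source* host but lives on the *target*.
        if (target, source) not in defined:
            plan[target].append(f"er TERMINAL {source} defacc(r) owner(nobody)")
            defined.add((target, source))
        plan[target].append(
            f"auth TERMINAL {source} {kind}({_checked(principal)}) "
            f"access({_checked(access)})"
        )
    return dict(plan)

# Constructed sample: User1 and the hosts come from the article;
# the group SecAdmins is hypothetical.
SAMPLE = [
    ("CM_Testbox_01", "CM_Testbox_02", "uid", "User1", "all"),
    ("CM_Testbox_01", "CM_Testbox_02", "gid", "SecAdmins", "all"),
]

if __name__ == "__main__":
    for endpoint, commands in terminal_rules(SAMPLE).items():
        print(f"Run in selang on {endpoint}:")
        print("\n".join(commands))
```

Nothing is planned for CM_Testbox_01 itself: every command lands on CM_Testbox_02, the endpoint being connected to.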