Users are often unable to 'host' or log in to a certain TERMINAL record, as in the following selang session:
[User1@CM_Testbox_01~]$ selang
CA ControlMinder selang v12.80.0.1432 - CA ControlMinder command line interpreter
Copyright (c) 2013 CA. All rights reserved.
AC>host CM_Testbox_02
ERROR: Initialization failed, EXITING!
(CM_Testbox_02)
ERROR: Login procedure failed
ERROR: You are not allowed to administer this site from terminal CM_Testbox_01.
Privileged Identity Manager 12.8 SP1
PAM Server Control 14.0, 14.1
This is because the user, User1, doesn't have the appropriate permissions to access the TERMINAL record on CM_Testbox_02. It is commonly assumed that the record must be created on the machine we are trying to log in from, which in this case would be CM_Testbox_01. That is incorrect. We need to create a TERMINAL resource on the remote host we are trying to connect to, then an authorization resource to allow the appropriate user(s) and/or group(s) to log in.
So, we go to the endpoint we're having trouble connecting to, CM_Testbox_02.
[User1@CM_Testbox_02~]$ selang
CA ControlMinder selang v12.80.0.1432 - CA ControlMinder command line interpreter
Copyright (c) 2013 CA. All rights reserved.
AC> er TERMINAL CM_Testbox_01 defacc(r) owner(nobody)
AC> auth TERMINAL CM_Testbox_01 uid(User1) access(all)
Once these TERMINAL records have been created successfully, the resource is immediately available to the user(s) and/or group(s) specified.