Check in Privileged Account failed.

book

Article ID: 40181

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Question:

My linux PUPM/SAM privileged account endpoint is using a language other than English. It is set to change password on checkin. When we try checking in, we get the following message in the browser where <user> is the username of the endpoint adminstrative user:

Check in Privileged Account. Failed to change the account password Native error: Command result doesn't contain text. Command: 'passwd <user>'. Received: 'passwd <user>'

 

Answer:

The following kind of message should also be in <AccessControlServer>\Connector Server\logs\jcs_daily.log:

[ApacheDS Worker-thread-173] (com.ca.jcs.processor.ConnectorProcessorProxyHandler:218) ERROR - class com.ca.jcs.sshdyn.SSHMetaConnector: <directory> [eTDYNDirectoryName=<directory>,eTNamespaceName=SSH Device,dc=im,dc=etasa]: class com.ca.jcs.processor.RetryOpProcessorProxy: failed call on doModify javax.naming.NamingException: !"20","Change password error."," Command result doesn't contain text. Command: 'passwd <user>'. Received: 'passwd <user>Cambiando la contraseña del usuario <user>. Nueva contraseña: '. WaitForText:'word:'."

 

The above is if the language is Spanish, but it will be similar for other languages.

JCS uses the command "password <user>" when it changes the password on checkin. It then waits until there is a prompt ending in "word:" (see WaitForText:'word:' in error message above) and enters the new password to change it. However, as this server is Spanish the prompt from passwd is "Nueva contraseña:" not "New password:" so JCS times out with the error in the browser:

Check in Privileged Account. Failed to change the account password Native error: Command result doesn't contain text. Command: 'passwd <user>'. Received: 'passwd <user>'

The easiest workaround is to set the language for the administrative user of the endpoint to use US English. To do this, simply add the following to the end of $HOME/.bashrc (where $HOME is the home directory for the administrative user of the endpoint):

# Added to fix PIM checkins

LANG=en_US.UTF-8

 

 

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component: