sewhoami does not produce an output in CA PIM
search cancel

sewhoami does not produce an output in CA PIM

book

Article ID: 40608

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

The user logs in with the id and sewhoami returns nothing. sewhoami -a returns "_undefined"
sebuildla -a (building a lookaside table) also does not help the user identification issue.
sesu will also result in "sesu: Cannot determine current user name."

[user@hostname]$ ./sewhoami

[user@hostname]$

[user@hostname]$ ./sesu root

[user@hostname]$ sesu: Cannot determine current user name.

 

Environment

CA PIM 12.9, 12.8.1 and CA PAM SC

Redhat RHEL 6.6

Cause

The issue can be a derivative of LDAP not having account enumeration set in the environment so PIM is unable to keep tabs on the user so you will lose the ability to sesu and sewhoami will yield no response. Another issue that may arise is a 64-bit SSSD library installed and without a 32-bit library present, no 32-bit application will be able to utilize it i.e. PIM 32-bit version.
 

Resolution

The ways to correct this are:

-ensure auth_login = PAM in the seos.ini is set along with the setting loginappl to use PAM

er LOGINAPPL SSH loginflags(PAMLOGIN)

-user data enumeration not being enabled in the SSSD backend

-They need to install the 32-bit libnss_sss library to allow 32-bit processes to retrieve user and group information, library sssd-client.i686 

Powered by Wolken Software