In PAM, do we have the feature of Auto discovery of privileged accounts from target machines (on OS level accounts)
Hi Dina, PAM support discovery of supports discovery of Linux, UNIX, Active Directory, local Windows (using Windows Proxy or Windows Remote), and LDAP accounts. See https://docops.ca.com/ca-privileged-access-manager/3-2/EN/implementing/configure-credential-manager-targets/account-discovery for details.
I am trying to discover the accounts used in a Windows server (local accounts). Already I created an admin user on this server and configured this user to device account mapping in PAM. But when I do discovery, there is no privileged accounts discovered.
But we have 4 users are there in the servers.
Kindly let me know if I am missing something.
Which version of PAM do you have? If I am correct Windows local account discovery is included from some version of 3.0.
we are using 3.1.1. Can you kindly help us how this can be configured?
OR any documentation with the detailed steps?
I have setup accounts discovery for a Linux server.. I ran it once and after few seconds it shows as completed
On the scan profile discovery page, for this discovery profile PAM shows 0-0-0-0-0 for all accounts.
I clicked on "Dicovered"-0 link, and it opens a pop up windows showing the scan results.
In that I choose Logs tab, I can see below
PAM-CM-0391: Account Discovery Started
PAM-CM-0392: Account Discovery found account root
As per my understanding, it has discovered the root account, so count should be 1.
I setup another scan profile for another server. From the logs I see below.
PAM-CM-0391: Account Discovery StartedPAM-CM-0370: Invalid discovery response from device reflexgwtapp1 for file /home/hendriksim/.ssh/authorized_keys; expected embedded key but instead received #### key file: /home/khudihan/.ssh/authorized_keysPAM-CM-0370: Invalid discovery response from device reflexgwtapp1 for file /home/hendriksim/.ssh/authorized_keys; expected embedded key but instead received #### time stamp: 2015-04-10T00:23:10+0700PAM-CM-0370: Invalid discovery response from device reflexgwtapp1 for file /home/hendriksim/.ssh/authorized_keys; expected embedded key but instead received #### embedded keys:PAM-CM-0363: No discovery credentials with sufficient permissions available for application premiumdapp1. Discovery unsuccessful.PAM-CM-0392: Account Discovery found account root
it shows 0 accounts in the history.
Can you please help to troubleshoot this issue?
Hi Dina, I agree that the scan should have come back with at least one discovered user. The scan may have run into an error later on. This is not the right forum for troubleshooting. Please open a support case so we can investigate the problem in detail.