We utilize PBIS (PowerBroker Identity Services) to integrate Active Directory with Linux, allowing for centralized authentication and management. Our older AutoSys Linux Servers use PBIS "OPEN" for AD integration. As PBIS-OPEN is archived and not maintained, all new *nix server builds are now configured with our licensed PBIS-ENTERPRISE.
When on *nix server where PBIS-OPEN, "who" returns username; on *nix server where PBIS-ENTERPRISE, "who" returns MYDOMAIN\username. This is due to a site-wide configuration that enables quick identification of local vs domain accounts. Have been informed that this is the new standard and cannot/will not be changed.
When building out a new AutoSys deployment on Linux servers, I configured the EEM servers identically to our existing servers and loaded the WCC and WorkloadAutomationAE with our standard policies. The AutoSys EEM policies that work flawlessly on PBIS-OPEN servers are failing on the PBIS-ENTERPRISE.
For example, when logged in as userabc,
- on the old (PBIS=OPEN) Linux AutoSys CLI server:
[pbisopen dasys01] $ autotrack -u 2
CAUAJM_I_50150 AutoTrack Level=2
- on the NEW Linux AutoSys CLI server (PBIS=ENTERPRISE):
[pbisent dasys01] $ autotrack -u 2
CAUAJM_W_10406 Control Execute Access Denied!
CAUAJM_W_10439 No policies granting access to resource.
CAUAJM_W_10440 Class: as-control Resource: LS1.AUTOTRACK User: MYDOMAIN\userabc Access: execute
CAUAJM_W_10442 Time: 1760715186 Delegator: None
CAUAJM_I_50150 AutoTrack Level=0
QUESTION:
What configuration, policy, or LDAP mapping changes can we do to enable AutoSys EEM policies to authenticate correctly when authorized user is logged onto a PBIS-ENTERPRISE server?
------------------------------
Roz Smith
------------------------------