IT Process Automation


Cannot log in with pamadmin user after PAM fresh install

  • 1.  Cannot log in with pamadmin user after PAM fresh install

    Posted 01-29-2016 03:26 PM

    Hello everyone,

    I'm installing and configuring CA PAM here in our company for the first time. I followed all the steps in this page: Install the Domain Orchestrator - CA Process Automation - 4.3 - CA Technologies Documentation. However, after installing and running the service, I can't log in using the pamadmin user.

    When I enter EEM selecting the Process Automation application, I see the following users in the Manage Identities page:

    Our EEM is referencing users from external LDAP, so I think these users are not in the LDAP directory. But the Install Guide has no information about creating users or groups or domain rights on AD when user info is from external LDAP.

    Any ideas?



  • 2.  Re: Cannot log in with pamadmin user after PAM fresh install

    Posted 01-29-2016 04:18 PM

    If you log in under the Process Automation context in EEM as EiamAdmin, you can add application groups to global users. Just as you searched for PAMAdmin, search for a user that exists in the external LDAP directory (like yourself); then you can add the appropriate application groups to that account. This will allow you to log into PAM.



  • 3.  Re: Cannot log in with pamadmin user after PAM fresh install

    Posted 02-04-2016 02:52 PM

    The issue was not letting new users log into PAM, but these users that were not configured properly... But I found out that someone already tried to install CA PAM here before, and these users may not have been removed. I think this was the cause of the conflict...



  • 4.  Re: Cannot log in with pamadmin user after PAM fresh install
    Best Answer

    Posted 01-30-2016 01:13 PM

    Your screen capture tells you the issue. Note that these four users are Orphaned Users. This is exactly because your EEM is configured to use an LDAP source (in this case AD). They are created in the EEM internal store, but you are not using the EEM internal store but the LDAP source. As Benjamin recommended, identify a user (or create a new user) in your AD that you will use to administer your PAM. Add that user to the appropriate PAM groups.



  • 5.  Re: Cannot log in with pamadmin user after PAM fresh install

    Posted 02-04-2016 02:56 PM

    I see... But shouldn't the wizard have created the users in LDAP?



  • 6.  Re: Cannot log in with pamadmin user after PAM fresh install

    Posted 02-04-2016 03:39 PM

    Correct, PAM cannot create users in your directory. The pamadmin and other pam_* users can only be created if EEM is using the Internal user store.