Symantec Privileged Access Management

Expand all | Collapse all

Tech Tip - You are not allowed to administer this site from terminal

  • 1.  Tech Tip - You are not allowed to administer this site from terminal

    Posted 02-02-2016 09:41 AM

    Many times, users aren't able to 'host' or login to a certain TERMINAL record.  This can happen when a user needs access to a resource last minute that wasn't setup or thought about appropriately before implementing their environment.

     

    [User1@CM_Testbox_01~]$ selang

    CA ControlMinder selang v12.80.0.1432 - CA ControlMinder command line interpreter

    Copyright (c) 2013 CA. All rights reserved.

    AC>host CM_Testbox_02

    ERROR: Initialization failed, EXITING!

    (CM_Testbox_02)

    ERROR: Login procedure failed

    ERROR: You are not allowed to administer this site from terminal CM_Testbox_01.

     

    This is because the user, User1, doesn't have the appropriate permissions to access the TERMINAL record on CM_Testbox_02.  Many individuals thought that we would need to create a record on machine we are trying to login from, in which case would be CM_Testbox_01. However, that is incorrect.  We need to create a TERMINAL resource on the remote host we are trying to connect to, then an authorization resource to allow the appropriate user(s) and/or group(s) to login.

     

    So, we go to the endpoint we're having trouble connecting to, CM_Testbox_02.

    [User1@CM_Testbox_02~]$ selang

    CA ControlMinder selang v12.80.0.1432 - CA ControlMinder command line interpreter

    Copyright (c) 2013 CA. All rights reserved.

    AC> er TERMINAL CM_Testbox_01 defacc(r) owner(nobody)

    AC> auth TERMINAL CM_Testbox_01 uid(User1) access(all)

    Once we have successfully created these TERMINAL records, the resource is available immediately to the defined user(s) and/or group(s) previously specified.



  • 2.  Re: Tech Tip - You are not allowed to administer this site from terminal

    Posted 01-31-2019 08:26 PM

    I have similar issue with a server windows server 2008 with the account "administrator" at PIM 12.9 , i execute the command auth TERMINAL CM_Testbox_01 uid(administrator) access(all), but this command return "There was an error retrieving the data for USER administrator"

     

     

    Some idea for this?