Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  CLI error adding windows target application

    Posted Oct 24, 2018 03:54 PM

    I'm using the CLI for CAPAM 3.2.2 trying to add a target application of type windows.   I'm receiving error "PAM-CM-3455: No Password Authority Windows Proxy specified."

     

    Here's my CLI example.   

    curl -k "https://10.0.1.1/cspm/servlet/adminCLI?adminUserID=super&adminPassword=hiddenpass&cmdName=addTargetApplication&TargetServer.hostName=host1&TargetApplication.name=host1&TargetApplication.type=windows&Attribute.descriptor1=windows&PasswordPolicy.name=longPCP&proxy.hostName=10.0.1.2&Attribute.accountType=local"

     

    full output of curl command

    <cw.appMessage><statusCode>5052</statusCode><statusMessage>PAM-CM-3455: No Password Authority Windows Proxy specified.</statusMessage><content><![CDATA[<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>5052</cr.statusCode><cr.statusDescription>PAM-CM-3455: No Password Authority Windows Proxy specified.</cr.statusDescription><cr.result></cr.result></CommandResult>]]></content></cw.appMessage>

     

    According to the addTargetApplication - CA Privileged Access Manager - 3.2.2 - CA Technologies Documentation 

    there's no mention of specifying the proxy server in the data payload so I'm just guessing the key is proxy.hostName

     

    FYI, I've successfully used the CLI adding target applications of type unixII and mssql.

     

    Thank you



  • 2.  Re: CLI error adding windows target application
    Best Answer

    Broadcom Employee
    Posted Oct 24, 2018 04:34 PM

    Hi John, In our online documentation you find the following comment at https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/programming/credential-manager-remote-cli-and-java-api/credential-manager-cli-commands/addtargetapplication:

    "Use the addTargetApplication command to add a target application to Credential Manager. More parameters may be required, depending upon the Target Application Type."

     

    Information on specific application types is found in the sections where those target applications are discussed. E.g. for the Windows Proxy target application the relevant page is https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/implementing/protect-privileged-account-credentials/identify-target-applications-and-connectors/add-the-windows-proxy-connector/windows-proxy-target-connector-cli-configuration

    You will find that attributes Attribute.extensionType and Attribute.agentId are required, and others may or may not be required, e.g. depending on whether you want this target application to manage local accounts or domain accounts. This is stated for each attribute. You also find an example command on this page.
    You can use the searchAgent command to get the Agent IDs for your proxies.



  • 3.  Re: CLI error adding windows target application

    Posted Oct 25, 2018 10:13 AM

    As always thank you Ralf, that did the trick.  I missed that piece of the documentation.

    Here's my full CLI command should others have a similar question. 

     

    Get Proxy agent ID

    curl -k "https://CAPAMSERVER/cspm/servlet/adminCLI?adminUserID=admin&adminPassword=notrealpass&cmdName=searchAgent

     

    Add target application with windows proxy

    curl -k "https://CAPAMSERVER/cspm/servlet/adminCLI?adminUserID=admin&adminPassword=notrealpass&cmdName=addTargetApplication&TargetServer.hostName=win2016-001&TargetApplication.name=win2016001_winlocalproxy&Attribute.accountType=local&TargetApplication.type=windows&Attribute.extensionType=windows&Attribute.agentId=1021"