Is it possible to discover only accounts in a certain group, for example administrators group when using the Windows Target connector to discover local accounts? The Account Discovery tab in the Target Application only allows one to specify a list of accounts to discover. If I'm looking for unknown accounts that could be in the Administrators group would be more useful than specifying a known list of accounts.
Hello John, Sorry for the delayed response. PAM does not have this feature at present. Group filters are only available for the Active Directory target connector and therefore for domain accounts, not for local Windows accounts. Feel free to raise an idea for an enhancement here.
You have some procedure or document on how to include the domain controller certificate in PAM, this is based on the fact that I am trying to synchronize and change the password of a domain account, but I get the following error:
Nov 28, 2018 1:34:19 AM com.ca.pam.rest.PAUtil generateExceptionFromAppCtxSEVERE: PAM-CM-0759: Failed to verify password with target. If this problem persists then please ask your Administrator to investigate.Nov 28, 2018 1:35:14 AM com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager loginToActiveDirectoryServerSEVERE: Failed authentication to Active Directory using account 'thomas.guaman'com.cloakware.cspm.server.app.ApplicationException: PAM-CM-3433: Certificate can not be retrieved from the domain controller
I thank you if you have any document or link about it
Hi Julian, I believe you raised the exact same question in thread https://communities.ca.com/thread/241788857-is-it-possible-to-rest-a-users-active-directory-in-pam, and we responded there already.