Symantec Privileged Access Management

Dear Team,

We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
Now user tries to log in with level_3(Get access after approving). 
After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
Is it due to removing groups?

Could you please help me with this issue?

Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Hello Sudip, Sorry, I cannot understand what problem you are reporting here. AD groups are PAM user groups and separate from target accounts. Password View Policies are for target accounts and therefore would not be affected by user group management per say. The only correlation would come from a policy against the user group. the policy would get deleted when the user group gets deleted, but I don't think that is what you are dealing with. You say that the problem depends on what PVP you have assigned. What login are you talking about? Target accounts are used for access to target devices. Are you saying that an access method is not working when a PVP with approval required is assigned, but works with the default PVP? In that case the password view (for auto-login) would have to be approved by an approver first.
Original Message:
Sent: Apr 28, 2022 06:37 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Team,

We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
Now user tries to log in with level_3(Get access after approving).
After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
Is it due to removing groups?

Could you please help me with this issue?

Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Dear Ralf,

Actually, we have a level_3 account which is similar to root so to access level_3 we have PVP. Only users get access after approving the level_3 access.
Our issue is user got approved but while accessing the PAM screen disappear after login into level_3. 
But work on default PVP. while checking in session log it showing like below screenshot.

Why does it show this type of error message?
PAM-CMN-2275: Unable to retrieve Password Authority password for username. Error: PAM-CM-0574: Missing required parameter: reference code.
PAM-CMN-1382: Credential not found for association

Could you please suggest?

Thank you,

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Original Message:
Sent: Apr 28, 2022 11:04 AM
From: Ralf Prigl
Subject: Level_3 user not able to login

Hello Sudip, Sorry, I cannot understand what problem you are reporting here. AD groups are PAM user groups and separate from target accounts. Password View Policies are for target accounts and therefore would not be affected by user group management per say. The only correlation would come from a policy against the user group. the policy would get deleted when the user group gets deleted, but I don't think that is what you are dealing with. You say that the problem depends on what PVP you have assigned. What login are you talking about? Target accounts are used for access to target devices. Are you saying that an access method is not working when a PVP with approval required is assigned, but works with the default PVP? In that case the password view (for auto-login) would have to be approved by an approver first.
Original Message:
Sent: Apr 28, 2022 06:37 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Team,

We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
Now user tries to log in with level_3(Get access after approving).
After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
Is it due to removing groups?

Could you please help me with this issue?

Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Hi Sudip, This was a known problem in older PAM (maintenance) releases. It should be fixed from 3.4.4 on. What release are you running right now?
Original Message:
Sent: Apr 29, 2022 02:13 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Ralf,

Actually, we have a level_3 account which is similar to root so to access level_3 we have PVP. Only users get access after approving the level_3 access.
Our issue is user got approved but while accessing the PAM screen disappear after login into level_3.
But work on default PVP. while checking in session log it showing like below screenshot.

Why does it show this type of error message?
PAM-CMN-2275: Unable to retrieve Password Authority password for username. Error: PAM-CM-0574: Missing required parameter: reference code.
PAM-CMN-1382: Credential not found for association

Could you please suggest?

Thank you,

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM

Original Message:
Sent: Apr 28, 2022 11:04 AM
From: Ralf Prigl
Subject: Level_3 user not able to login

Hello Sudip, Sorry, I cannot understand what problem you are reporting here. AD groups are PAM user groups and separate from target accounts. Password View Policies are for target accounts and therefore would not be affected by user group management per say. The only correlation would come from a policy against the user group. the policy would get deleted when the user group gets deleted, but I don't think that is what you are dealing with. You say that the problem depends on what PVP you have assigned. What login are you talking about? Target accounts are used for access to target devices. Are you saying that an access method is not working when a PVP with approval required is assigned, but works with the default PVP? In that case the password view (for auto-login) would have to be approved by an approver first.
Original Message:
Sent: Apr 28, 2022 06:37 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Team,

We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
Now user tries to log in with level_3(Get access after approving).
After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
Is it due to removing groups?

Could you please help me with this issue?

Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Dear Ralf,

Ca Pam version 3.4.3.83.
Both that error message is a known issue. what does a mean of error message?
For that level_3 login, the issue is related to this issue.
Could you suggest to us what should I check to resolve this issue?


Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Original Message:
Sent: Apr 29, 2022 08:59 AM
From: Ralf Prigl
Subject: Level_3 user not able to login

Hi Sudip, This was a known problem in older PAM (maintenance) releases. It should be fixed from 3.4.4 on. What release are you running right now?
Original Message:
Sent: Apr 29, 2022 02:13 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Ralf,

Actually, we have a level_3 account which is similar to root so to access level_3 we have PVP. Only users get access after approving the level_3 access.
Our issue is user got approved but while accessing the PAM screen disappear after login into level_3.
But work on default PVP. while checking in session log it showing like below screenshot.

Why does it show this type of error message?
PAM-CMN-2275: Unable to retrieve Password Authority password for username. Error: PAM-CM-0574: Missing required parameter: reference code.
PAM-CMN-1382: Credential not found for association

Could you please suggest?

Thank you,

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM

Original Message:
Sent: Apr 28, 2022 11:04 AM
From: Ralf Prigl
Subject: Level_3 user not able to login

Hello Sudip, Sorry, I cannot understand what problem you are reporting here. AD groups are PAM user groups and separate from target accounts. Password View Policies are for target accounts and therefore would not be affected by user group management per say. The only correlation would come from a policy against the user group. the policy would get deleted when the user group gets deleted, but I don't think that is what you are dealing with. You say that the problem depends on what PVP you have assigned. What login are you talking about? Target accounts are used for access to target devices. Are you saying that an access method is not working when a PVP with approval required is assigned, but works with the default PVP? In that case the password view (for auto-login) would have to be approved by an approver first.
Original Message:
Sent: Apr 28, 2022 06:37 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Team,

We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
Now user tries to log in with level_3(Get access after approving).
After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
Is it due to removing groups?

Could you please help me with this issue?

Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------

Hi Sudip, Upgrade to 4.0.1 or 4.0.2, or 4.1 (released yesterday) should resolve this problem. 3.4.3 Support ends May 11, see PAM Release and Support Lifecycle Dates. You have to upgrade anyway within the next couple of weeks to stay on a supported release.
Original Message:
Sent: Apr 29, 2022 12:03 PM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Ralf,

Ca Pam version 3.4.3.83.
Both that error message is a known issue. what does a mean of error message?
For that level_3 login, the issue is related to this issue.
Could you suggest to us what should I check to resolve this issue?


Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM

Original Message:
Sent: Apr 29, 2022 08:59 AM
From: Ralf Prigl
Subject: Level_3 user not able to login

Hi Sudip, This was a known problem in older PAM (maintenance) releases. It should be fixed from 3.4.4 on. What release are you running right now?
Original Message:
Sent: Apr 29, 2022 02:13 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Ralf,

Actually, we have a level_3 account which is similar to root so to access level_3 we have PVP. Only users get access after approving the level_3 access.
Our issue is user got approved but while accessing the PAM screen disappear after login into level_3.
But work on default PVP. while checking in session log it showing like below screenshot.

Why does it show this type of error message?
PAM-CMN-2275: Unable to retrieve Password Authority password for username. Error: PAM-CM-0574: Missing required parameter: reference code.
PAM-CMN-1382: Credential not found for association

Could you please suggest?

Thank you,

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM

Original Message:
Sent: Apr 28, 2022 11:04 AM
From: Ralf Prigl
Subject: Level_3 user not able to login

Hello Sudip, Sorry, I cannot understand what problem you are reporting here. AD groups are PAM user groups and separate from target accounts. Password View Policies are for target accounts and therefore would not be affected by user group management per say. The only correlation would come from a policy against the user group. the policy would get deleted when the user group gets deleted, but I don't think that is what you are dealing with. You say that the problem depends on what PVP you have assigned. What login are you talking about? Target accounts are used for access to target devices. Are you saying that an access method is not working when a PVP with approval required is assigned, but works with the default PVP? In that case the password view (for auto-login) would have to be approved by an approver first.
Original Message:
Sent: Apr 28, 2022 06:37 AM
From: sudip karmacharya
Subject: Level_3 user not able to login

Dear Team,

We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
Now user tries to log in with level_3(Get access after approving).
After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
Is it due to removing groups?

Could you please help me with this issue?

Thank you

------------------------------
Network and security Engineer technical associative
Cas Trading House
Putalisadak, KTM
------------------------------