Symantec Privileged Access Management

 View Only
  • 1.  Level_3 user not able to login

    Posted Apr 28, 2022 06:38 AM
    Dear Team,

    We have several unwanted groups so we have Deleted that unwanted AD group. and in that group, there might be user associates.
    Now user tries to log in with level_3(Get access after approving).
    After removing the password view policy we are able to log in to level_3 but while applying the password view policy PAM screen disappear after login in to level_3.
    Is it due to removing groups?

    Could you please help me with this issue?

    Thank you

    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    Putalisadak, KTM
    ------------------------------


  • 2.  RE: Level_3 user not able to login

    Broadcom Employee
    Posted Apr 28, 2022 11:04 AM
    Hello Sudip, Sorry, I cannot understand what problem you are reporting here. AD groups are PAM user groups and separate from target accounts. Password View Policies are for target accounts and therefore would not be affected by user group management per say. The only correlation would come from a policy against the user group. the policy would get deleted when the user group gets deleted, but I don't think that is what you are dealing with. You say that the problem depends on what PVP you have assigned. What login are you talking about? Target accounts are used for access to target devices. Are you saying that an access method is not working when a PVP with approval required is assigned, but works with the default PVP? In that case the password view (for auto-login) would have to be approved by an approver first.


  • 3.  RE: Level_3 user not able to login

    Posted Apr 29, 2022 02:13 AM
    Dear Ralf,

    Actually, we have a level_3 account which is similar to root so to access level_3 we have PVP. Only users get access after approving the level_3 access.
    Our issue is user got approved but while accessing the PAM screen disappear after login into level_3.
    But work on default PVP. while checking in session log it showing like below screenshot.

    Why does it show this type of error message?
    PAM-CMN-2275: Unable to retrieve Password Authority password for username. Error: PAM-CM-0574: Missing required parameter: reference code.
    PAM-CMN-1382: Credential not found for association

    Could you please suggest?

    Thank you,

    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    Putalisadak, KTM
    ------------------------------



  • 4.  RE: Level_3 user not able to login

    Broadcom Employee
    Posted Apr 29, 2022 09:00 AM
    Hi Sudip, This was a known problem in older PAM (maintenance) releases. It should be fixed from 3.4.4 on. What release are you running right now?


  • 5.  RE: Level_3 user not able to login

    Posted Apr 29, 2022 12:03 PM
    Dear Ralf,

    Ca Pam version 3.4.3.83.
    Both that error message is a known issue. what does a mean of error message?
    For that level_3 login, the issue is related to this issue.
    Could you suggest to us what should I check to resolve this issue?


    Thank you

    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    Putalisadak, KTM
    ------------------------------



  • 6.  RE: Level_3 user not able to login

    Broadcom Employee
    Posted Apr 29, 2022 12:29 PM
    Hi Sudip, Upgrade to 4.0.1 or 4.0.2, or 4.1 (released yesterday) should resolve this problem. 3.4.3 Support ends May 11, see PAM Release and Support Lifecycle Dates. You have to upgrade anyway within the next couple of weeks to stay on a supported release.