Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/13/2023 08:21 AM - edited 06/13/2023 10:22 AM
Hi all,
We have successfully onboarded on-premises Linux workloads, including RHEL 9 and Ubuntu. We have created sharable accounts, namely "cpam_credentialless" and "cpam_credentials," on both UNIX machines. On EP accounts have been pambootstraped and imported successfully.
However, for Ubuntu, only the "cpam_credentialless" account has been pam-enabled, while the "cpam_credentials" change password task has failed with the following error: "Failed - Failed to store PublicKey in target... setting pemPrivateKey as null | Successfully changed password for account."
On the other hand, for RHEL 9, the "cpam_credentials" account has been pam-enabled, but the "cpam_credentialless" change password task has failed with the following error: "Failed - Successfully deleted SSH key for account | Failed to change password for account."
We are experiencing difficulties in submitting the credential/credentialless access for the above targets, as we are receiving the error message: "Your request can't be submitted at this time. Try again later, or contact your administrator."
If anyone has encountered a similar issue or knows of a workaround, we would greatly appreciate your assistance.
Regards,
Suresh
06/14/2023 08:41 AM
Hi all,
For RHEL 9, both credential-based and credential less access are now functioning properly. However, we are encountering password/SSH key issues specifically with Ubuntu. The key/password generated on Saviynt is not being accepted by the target Ubuntu system, despite enabling backward compatibility on both servers. While the authentication key works for the master connection, it fails during the JIT (Just-in-Time) session. Additionally, our logs indicate that the key is not being accepted on Ubuntu.
Regards,
Suresh
06/14/2023 11:37 AM
@sureverma For the benefit of others in forums, please share the details of what fixed the issue with RHEL 9. I believe it is the permissions issue with the master account, but please confirm.
And for the ubuntu server, please share the logs (after removing any sensitive information) where it says the key is not being accepted.
Thanks,
Nagesh K