Quest has been named as an ASP "Ten Best Web Support Sites" award winner. Learn more.

Quest One Management Console for Unix 2.5.1 - Release Notes

Quest One™ Management Console for Unix  2.5.1 Release Notes

Quest One™ Management Console for Unix

Version 2.5.1

Release Notes

August 2013

 

 

Contents

Welcome to Quest One Management Console for Unix

New in this Release

Resolved Issues and Enhancements

Known Issues

Upgrade and Compatibility

System Requirements

Product Licensing

Global Operations

Getting Started

For More Information

 


Welcome to Quest One Management Console for Unix

Quest One Management Console for Unix is a web-based console that delivers a consolidated view and centralized point of management for local Unix users and groups, including:

  • Local Unix user and group management
  • Centralized reporting
  • Pre-migration readiness assessment for integrating with Active Directory
  • Remote client-agent deployment
  • Secure local Unix accounts with Active Directory authentication

Key features and capabilities of the management console:

  • Local Unix user and Group Management
  • Active Directory Integration
  • Privilege Manager Integration
  • Remote Agent Deployment
  • Role-Based Access Control
  • Reporting
  • Securing Local Unix Accounts with Active Directory Authentication
  • Web Services

 


New in this Release

The following is a list of the new features introduced in Quest One Management Console for Unix 2.5.1.

Version 2.5.1 New Features

There are no new features for the current release. See Resolved Issues and Enhancements for the list of issues addressed and enhancements implemented in this release.

Version 2.5.0 New Features

The following is a list of the new features in Quest One Management Console for Unix 2.5.0.

  • Quest Privilege Manager for Unix Integration

    Support for advanced, centralized Privilege Manager for Unix policy management, remote agent plugin installation and configuration, keystroke logging and replay, and reporting.

    • New roles for managing Privilege Manager for Unix
    • Remote installation of the Privilege Manager software
    • Readiness checks for both server configuration and host joins to policy groups
    • Ability to configure both primary and secondary policy servers
    • Centralized pmpolicy profile management with reporting and auditing
    • Support for the PMRUN elevation credential
    • Support for Tectia SSH
  • New features for Quest One Privilege Manager for Sudo
    • Support for Mac OS X
  • Quest Authentication Services Access Control Management

    Support for limiting Active Directory user access to host systems by managing which Active Directory users and groups can access the host systems.

    • Manage access control on a single host system
    • Add and remove Active Directory users or groups across multiple hosts
  • Other New Management Console Features
    • Reset or change passwords for multiple local accounts across multiple hosts
    • Modify certain user properties across multiple hosts
    • Context-sensitive help is now available
    • New control role for access to all reports
    • Product License Usage report

 


Resolved Issues and Enhancements

Version 2.5.1 Resolved Issues and Enhancements

The following is a list of issues addressed and enhancements implemented in Quest One Management Console for Unix 2.5.1.

Resolved Issue Defect ID
When you install Quest Authentication Services 4.0.3 on Solaris 10 (SPARC – 32/64 bit), the Solaris 10 SPARC packages are installed. 28050
Orphaned _kerberos SRV record no longer cause AD auth to fail. 28056
The Access and Privileges by User report now reports privileges for users who received privileges from Unix enabled group. 28088
You can now specify where you want to install the MCU. 28111
You can specify the database port during install; but you can not modify the database port on upgrade. 28152
Auto-profile on AIX with existing cron.deny file correctly creates a cron.allow file. 28168
Can now upgrade QPMU 5.6 to 6.0 via MCU. 28203,
28204
Workstation-only licenses now register count in MCU. 28384
Access and Privilege reports display all users/hosts in the details list. 28388
Fixed issue when saving policy on Firefox. 28389

Version 2.5.0 Resolved Issues and Enhancements

The following is a list of issues addressed and enhancements implemented since the Quest One Management Console for Unix 2.0.1 release.

Issue

Description

Defect ID

Closing Browser while report was collecting data did not stop the process on the server

 

Console now tracks report task ids and cancels any that have not finished when
application closes or you navigate away.

 

26374

Auto-profile blocked users from using cron

 

Enabling auto-profile on a box without a cron.allow no longer blocks all users from using cron.

 

26455

Duplicate user names displayed in group membership

Console now properly displays names in group membership when QAS lowercase-names is set to true.

 

26458

Unhelpful error messages on failed client install

Error message improved to indicate what the real failure was.

 

26784

 

Cannot profile host when /tmp directory is mounted with the noexec flag

Profile now works when /tmp directory is mounted with the noexec flag.

 

26861

Join Host to AD using SU elevation failed

 

Console now allows you to join to AD using SU elevation.

 

26964

Local Groups report take long time to run

Local groups report no longer makes unnecessary queries to AD.

 

26986

QAS Access Control did not recognize all OUs

 

When reporting QAS Access Control rules, we now correctly handle OUs.

 

27047

Cron.allow file owned by non-root when created.

 

Tasks requiring service accounts (such as auto-profile) create cron.allow if it does not exist. Now is created with root as the owner.

 

27049

Auto-profiles using custom SSH port failed

 

Auto-profile now uses custom port specified.

 

27267

ESX servers displayed incorrect OS on Console

 

Console now displays VMware ESX #.# on Host list and Host properties.

 

27377

AD Readiness Check Failed

 

Console now allows quotes in the password.

 

27418

RPM package management failed with permission set to 700

 

Console now installs software successfully with /bin/rpm permissions set to 700.

 

27430

SU Elevation on Solaris failed

Console now allows passwords with spaces.

 

27494

 


Known Issues

Version 2.5.1 Known Issues

There are no issues known to exist at the time of Quest One Management Console for Unix 2.5.1 release.

Version 2.5.0 Known Issues

The following is a list of issues known to exist at the time of Quest One Management Console for Unix 2.5.0 release.

Issue

Description

Defect ID

PowerShell Cmdlets

 

!= comparison operator is not working for "Find" filters.

Workaround: Use PowerShell Cmdlets to search for objects.

 

CR #27854

Policy Editor

 

When multiple people are editing the same policy file, the last saved version of the policy overwrites the other's changes.

 

CR #27703

Java Plugin Compatibility

 

Running Firefox with the JVM Plugin may produce security issues when loading applets. Because of the frequent updating of Firefox and Java Plugin, the editor applet and/or mindterm SSH applet might not work. Make sure you are using the latest versions of both Firefox and the Java Plugin on the client you use to access the console.

 

CR #27871

SSH Failure

 

Management Console for Unix does not support Security-Enhanced Linux (SELinux).

 

CR #27455

 


 


Upgrade and Compatibility

The process for upgrading Quest One Management Console for Unix from an older version is similar to installing it for the first time. The installer detects an older version of the management console and automatically upgrades the components. (Please see Quest One Management Console for Unix Administrator's Guide for more information.)

 

Upgrade Notes:

  • Before you begin the upgrade procedure,
    • Delete your browser cache (Temporary Internet Files and Cookies).
    • Close Quest One Management Console for Unix and make a backup of your database.
  • After an upgrade from any version of the management console, it is important to re-profile all hosts.
  • If you are upgrading from Quest Identity Manager for Unix 1.0 to Management Console for Unix 2.x, be aware of the following:
    • Passwords cached by the supervisor account or AD users with console access were not migrated during the upgrade process due to changes in encryption. Users will have to re-enter their passwords for hosts they manage the next time they perform tasks on the hosts, and choose to cache their credentials again on the server.
    • Existing Active Directory users and groups granted access to the management console are added to the Manage Hosts role, giving them access to the features they had before the upgrade.

 


System Requirements

Quest One Management Console for Unix consists of two main components: a web server and a client (or management console). Before installing Quest One Management Console for Unix, ensure your system meets the following minimum hardware and software requirements for your platform:

Quest One Management Console for Unix Web Server
Supported Windows Platforms

Can be installed on 32-bit or 64-bit editions of the following configurations:

  • Windows XP SP2 (or later)
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows Server 2003 SP1 (or later)
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012

Note: When running Quest One Management Console for Unix on Windows 2008 R2, functioning as a domain controller, the process must be elevated. As a best practice, Quest does not recommend that you install or run the Windows components on Active Directory domain controllers. The recommended configuration is to install them on an administrative workstation.


Note: The performance of some Active Directory searches may be better on:

  • 64bit: Windows 2003 64-bit and above
  • 32bit: Windows 2003 SP1 + hotfix* or Windows 2003 SP2 (and above)

    *Click Microsoft Support to read a Microsoft article entitled, "A hotfix is available that improves the performance of programs that query Active Directory for group memberships in Windows Server 2003".


    To apply this hotfix, you must have Windows Server 2003 Service Pack 1 (SP1) installed. Note: The x64-based versions of Windows Server 2003 already include the fixes and features that are included in Windows Server 2003 SP1. If the computer is running an x64-based version of Windows Server 2003, you do not have to install SP1.

Server Requirements

The Management Console for Unix server requires Sun JRE (Java Runtime Environment) version 1.6. Installation of the server on a Windows operating system includes a download of 32-bit version of the 1.6 JRE for server use; Linux and Mac servers can run a 64-bit version of the 1.6 JRE.

A separate Java browser plugin may be required for the web browser. (For more information see Supported Web Browsers below.)


Note: Quest One Management Console for Unix:

  • is not supported on AIX
  • does not support Java 1.7
Managed Host Requirements

Click here to view a list of Unix, Linux, and Mac platforms that support Authentication Services.

Click here to review a list of Unix and Linux platforms that support Privilege Manager for Unix.

Click here to review a list of Unix, Linux, and Mac platforms that support Privilege Manager for Sudo.


Note: To enable the Management Console for Unix server to interact with the host, you must install both an SSH server (that is, sshd) and an SSH client on each managed host. Both OpenSSH 2.5 (and higher) and Tectia SSH 5.0 (and higher) are supported.

Note: Management Console for Unix does not support Security-Enhanced Linux (SELinux).

Note: When you install Quest Authentication Services on Solaris 10 (SPARC – 32/64 bit), the Solaris 8 SPARC packages are installed.

Default Memory Requirement

1024 MB


Note: See JVM Memory Tuning Suggestions in online help for information about changing the default memory allocation setting in the configuration file.

Supported Web Browsers

While the Management Console for Unix server requires Sun JRE (Java Runtime Environment) version 1.6; to use specific features such as the SSH to Host feature or the Policy Editors, you must install the Sun JRE browser plugin version 1.6 or greater. You can install both the Sun JRE and the Java browser plugin on the same machine. For example, if you are running the browser on the machine where the server resides, you may install both the Sun JRE 1.6 and the Java browser plugin 1.7

The management console officially supports the following web browsers:

  • Microsoft Internet Explorer 7, 8, 9, and 10
  • Mozilla Firefox 3 and greater

    Note: Java applets will not run in Firefox 18 with older Java versions (prior to 1.7). (See Java Applet Failures in the console online Help for more information.)

  • Apple Safari 4 (Mac only: Windows not supported)

    Note: Quest recommends that you

    • Do not open two sessions of the management console in the same browser.
    • Set your screen resolution to a minimum of 1024 x 768 for the best results

 


Product Licensing

This product does not require licensing.

 


Global Operations

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

This release has the following known capabilities or limitations: Quest Authentication Services has been tested with double-byte configured locales on the Linux platform. All of the client side components operate successfully with double-byte characters in all Unix attributes

There is no localization of either the client or Windows user interface.

 


Getting Started

Contents of the Release Package

The Quest One Management Console for Unix release package contains the following products:

  1. Quest One Management Console for Unix version 2.5.1
  2. Web service and PowerShell client utilities
  3. .Net Web service client examples
  4. Product Documentation, including:
    • Quest One Management Console for Unix Administrator's Guide
    • Release Notes

Note: You can find the Management Console for Unix product documentation at: http://documents.quest.com. You can find the management console user guides in the following products:

Installation Instructions

Refer to the Quest One Management Console for Unix Administrator's Guide for detailed installation and configuration instructions.

When installing both Quest One Management Console for Unix AND Quest Authentication Services, there is no requirement as to which product must be installed first.

 


For More Information

Get the latest product information, find helpful resources, test the product betas, and join a discussion with the development team and other community members. Join the Community at All Things Unix.

Contact Information

Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit
www.dell.com.

 

Technical Support:
Online Support

Product Questions and Sales:
(800) 306 – 9329

Email:
info@quest.com

About Support

Support is available to customers who have a trial version or who have purchased Quest software and have a valid maintenance contract. The Support Portal at www.quest.com/support is the definitive resource for technical support with self-help capabilities so you can solve problems quickly and independently 24 hours a day, 365 days a year. The portal also provides direct access to our support engineers through an online service request facility. From one central location, you will find everything you need – support offerings, policies and procedures, contact information, as well as:

  • Create, update, and manage Service Requests (cases)
  • Knowledge Base
  • Product notifications
  • Software downloads1
  • How-to videos
  • Community discussions
  • Chat option

1 For trial users please use the Trial Downloads to get the latest generally available version of the software.

 

Quest Software is now Dell Software

 


 

 

© 2013 Quest Software, Inc.

ALL RIGHTS RESERVED.

 

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN DELL’S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

 

If you have any questions regarding your potential use of this material, contact:

 

Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
email: legal@quest.com

Refer to our Web site (www.quest.com) for regional and international office information.

 

Patents

The Quest™ Authentication Services product is protected by U.S. Patents #7,617,501; 7,895,332; 7,904,949; 8,086,710; 8,087,075, and 8,245,242. Additional patents pending.

 

Trademarks

Dell, the Dell logo, Quest, Quest Software, the Quest Software logo, and Vintela are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

 

 

 

 


Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Related Documents