DirectAudit NSS Settings

Use the group policies under DirectAudit NSS Settings to configure operations for the name switching service.

Override audit level for a list of users

Use this group policy to specify individual user names and audit levels, or a file that contains the list of user names, for which you want to override the default audit level. For more information about how this group policy affects user auditing in classic and hierarchical zones, see the discussion of the nss.user.override.userlist parameter in the Configuration and Tuning Reference Guide.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Type each user name and audit level using the following format:
    user_name[:audit_level]

    Alternatively, you can type the name of a file that contains a list of user names and audit levels.

  4. Click OK to save your settings.

Set audit level for conflict user

Use this group policy to specify the audit level to use if there is a conflict caused by a user being included in the ignored users list and having a use_sysrights audit level defined.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Select the audit level to use when there is a conflicting audit level defined for a user.
  4. Click OK to save your settings.

Set audit level for users listed in uid.ignore

Use this group policy to specify the audit level for users who are listed in the user.ignore or uid.ignore file. For more information about how this group policy affects user auditing in classic and hierarchical zones, see the discussion of the nss.user.override.auditlevel parameter in the Configuration and Tuning Reference Guide.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Select the audit level to use for users listed in the ignored user list.
  4. Click OK to save your settings.

Set ignored programs

Use this group policy to list the programs that should not look up account information in Active Directory. If this group policy is not enabled or not configured, the following programs that are used for local account management are ignored by default:

useradd
userdel
adduser
usermod
mkuser
rmuser
chuser

If you enable this group policy, you must specify the programs to be ignored as a space-separated list.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Type program names separated by spaces.
  4. Click OK to save your settings.

Set no-login shells

Use this group policy to specify the shells that are treated as no-login shells.

If this group policy is disabled or not configured, the shells /sbin/nologin and /bin/false are treated as no-login shells. If this group policy is enabled, specify one or more shells in a space-separated list.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Type one or more shell names, separated by spaces, in the No-login shells field.
  4. Click OK to save your settings.

This group policy modifies the nss.nologin.shell setting in the configuration file /etc/centrifyda/centrifyda.conf.
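
To review what this policy covers on an audited host, the following added example (not part of the product or its documentation) works out the effective no-login shell list from centrifyda.conf and lists the passwd accounts whose shell is in it. It assumes the file uses `name: value` lines with `#` comments and that the last occurrence of a setting wins; the sample file contents are constructed.

```python
"""Report the effective no-login shell list and the accounts it covers."""

DEFAULT_NOLOGIN_SHELLS = ["/sbin/nologin", "/bin/false"]  # defaults when not configured
SETTING = "nss.nologin.shell"

def read_setting(conf_text, name):
    """Return the last value set for `name`, or None if it is not configured.

    Assumption: `name: value` lines, `#` starts a comment, last value wins.
    """
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, val = line.partition(":")
        if key.strip() == name:
            value = val.strip()
    return value

def effective_nologin_shells(conf_text):
    """Space-separated policy value if set, otherwise the default shells."""
    value = read_setting(conf_text, SETTING)
    return value.split() if value else list(DEFAULT_NOLOGIN_SHELLS)

def accounts_with_nologin_shell(passwd_text, shells):
    """Map each passwd account whose shell field is in `shells` to that shell."""
    hits = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[6] in shells:
            hits[fields[0]] = fields[6]
    return hits

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = """\
# /etc/centrifyda/centrifyda.conf (constructed excerpt)
nss.nologin.shell: /sbin/nologin /bin/false /usr/sbin/nologin
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc_backup:x:998:998::/var/backup:/bin/false
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""

if __name__ == "__main__":
    shells = effective_nologin_shells(SAMPLE_CONF)
    print("no-login shells:", shells)
    for user, shell in accounts_with_nologin_shell(SAMPLE_PASSWD, shells).items():
        print(f"{user}: {shell}")
```

On a real host, pass the contents of /etc/centrifyda/centrifyda.conf and /etc/passwd in place of the sample strings and compare the output before and after the policy is applied.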

Set override audit level for non‑Hierarchical zone users

Use this group policy to specify the default audit level to use if a specific audit level is not defined for users in a classic zone. For more information about how this group policy affects user auditing in classic zones, see the discussion of the nss.alt.zone.auditlevel parameter in the Configuration and Tuning Reference Guide.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Select the default audit level to use in classic zones.
  4. Click OK to save your settings.