IBM Support

Guardium Teradata ATAP activation error "id: guardium: No such user"

Troubleshooting


Problem

When activating the Guardium ATAP for Teradata you see error "id: guardium: No such user". The GUI reports for this traffic are missing OS User and Source Program.

Symptom

Example of the message you see on DB Server when activating ATAP:

/usr/local/modules/ATAP/current/files/bin/guardctl --db-instance=instance_1
activate
Matching module found - teradata is supported by
/usr/local/GIM/modules/ATAP/current/files/lib64/libguard-atap-teradata-any
Installing ATAP library
/usr/local/GIM/modules/ATAP/current/files/lib64/libguard-atap-teradata-any-64.so
in /usr/lib64
Creating permissions
id: guardium: No such user
Set 540 bytes for 'executor/env' in file
'/opt/teradata/tdat/pde/14.10.05.08/bin/pdemain-guard-executor'

Cause

There is no guardium user on the system. This prevents the ATAP from extracting guardium group ID and being able to send data via the KTAP.

Environment

Teradata ATAP

Resolving The Problem

You can resolve the problem by manually adding the guardium group ID in the ATAP executor configuration.

1. Find the guardium group ID e.g:

db_server:~ # grep guardium /etc/group
guardium:!:1004:

2. Stop Teradata

3. Add the guardium group ID to the executor using guard-tag utility.
i) Edit the executor file

For GIM installation:


    <Guardium install directory>/modules/UTILS/current/files/bin/guard-tag edit executor/env <teradata pdemain file>

For non GIM installation:


    <STAP install directory>/guard_stap/guard-tag edit executor/env <teradata pdemain file>

Example with GIM installation:

    /usr/local/guardium/modules/UTILS/current/files/bin/guard-tag edit executor/env /opt/teradata/tdat/pde/14.10.00.02/bin/pdemain

If you are unsure of the location of the pdemain file, it can be found in step 2 under "Setup Teradata ATAP" here. The database must be started to find the file with those steps.

ii) This will open the executor configuration, where the guardium group ID is blank:
ATAP_GUARDIUM_GROUPID=

iii) Add the group ID from 1. in this field and save the file.

4. Start Teradata

If OS User and Source Program are still empty for new sessions, contact Guardium support and attach output of guard_diag from the server.

Related Information

How to collect guard_diag

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21963770

Page Feedback