While UNAB is running in partial integration, users can log in with both their local and Active Directory passwords. However, it may be desired to limit a user or multiple users from logging in with their local password.
To limit a particular user from logging in with their local password while in partial integration, follow the steps below.
1- Stop UNAB
2- Edit /opt/CA/uxauth/uxauth.ini and set pam_ad_password_only to yes.
3- Start UNAB
4- Map the user using the command below
# uxconsole -map -add -scope l <local_user> <ad_user>