Authentication Services - Search Global

Refine Your Search
Advanced Queries | | Increase Your Search IQ
What to collect when a MCU task is failing? What to collect when profile host fails ? (113984)

What to collect when a MCU task is failing? What to collect when profile of a host is failing ? It is sometimes necessary to collect the the /tmp/sugixxxx directory on the client and the debug logs from mcu server to troubleshoot the failure. ...

Vastool status error "FAILURE: 721 In-consistent access control ALLOW cache (92364)

When running vastool status you receive the error: FAILURE: 721 In-consistent access control ALLOW cache, check syslog for exact entry". The failure 721 means the number of users.allow entries and the number of access_control database entries do not match. ...

Mod-auth-vas (MAV) protected URLs getting Intermittent 403 and 401 URL errors and "Request is a replay" message shown in log (131846)

Intermittent issue with mod_auth_vas (MAV). When accessing the URLs, receiving intermittent 403 Forbidden and 401 Authorization Required error messages. If we F5 (refresh) the page, it loads successfully, and may continue ...

How to upgrade Authentication Services (117005)

This article is to explain the different methods of upgrading Authentication Services. There is multiple ways to upgrade QAS on the system. RESOLUTION 1: Use the install.sh script at root of the product download to upgrade. ...

Cloning a machine with Authentication Services installed on it or after a backup restore (59691)

To implement Authentication Services on a cloned machine, see suggested steps below. Also if you restored from a backup. If you clone a machine that contains QAS on it you must do the following on the clone: 1) Perform an ...

Misconfigured hosts file causing errors during login (50539)

Misconfigured hosts file causing errors during login. On Redhat machines a hosts file in this format 127.0.0.1 localhost.localdomain localhost hostname. This has been seen on RedHat machine configured for DHCP. This can cause issues trying to authenticate after a join. ...

Cannot connect to samba share Error: NT_STATUS_CONNECTION_REFUSED (101545)

Cannot connect to samba share Error: NT_STATUS_CONNECTION_REFUSED CAUSE 1: smb.conf configuration setting. CAUSE 2: /var filesystem was full. CAUSE 3: Port blocked by firewall. RESOLUTION 1. 1 - Run the following ...

Authentication Services 4.1 Maintenance Fix changelog and download link. 4.1 Latest Release (116643)

----- Authentication Services 4.1 Maintenance Fix Release Notes -----. This is a Maintenance Fix Release for Authentication Services 4.1. ...

ERROR: Preload Nested Membesrships returned result (110783)

ERROR: Preload Nested Membesrships returned result 2 Token groups processed for 172/174 records> Failed. Processing group overrides... OK Caching Srvinfo... OK. CAUSE 1: This can occur if QAS is looking for a user or ...

Solaris AD user authentication issue seen on multiple servers. Can not list users (102533)

Active directory (AD) users can not authenticate on multiple Solaris servers. Can not list users with the /opt/quest/bin/vastool list users. Product Defect. Unexpected failure happens in Active Directory and QAS does not handle it correctly. ...

Cross domain Single Sign On with OS provided OpenSSH (104988)

How do I get cross domain Single Sign On working with OS provided SSH? The Operating System openSSH considers a local user name to be from the domain that the machine is in. For example, if HostA is in AD/Kerberos ...

Unix Account tab not appearing in ActiveRoles Server (ARS) MMC. (44398)

The Quest Authentication Services (QAS) Unix ("Unix Account") tab is not appearing when viewing user account properties in the ActiveRoles Server MMC. The tab does appear in Active Directory Users and Computers. QAS ...

How to unix enable existing users on the command line with vastool command (109277)

This article is to show examples of unix enabling existing users on the command line with vastool command RESOLUTION 1: 1 - Create a file with the users in it. more load_users.txt. john:passwd:1001:1000:John Doe:/home/john ...

How to hide a user from the local system if they are denied through Authentication Services. Want the su form root to fail if denied. (65681)

How to hide a user from the local system if they are denied through Authentication Services (QAS). I want the su - username to fail if the user is not allowed access even if from root. First su is succeeding when the user should be denied. ...

Can objects other than users be added to or removed from AD groups with vastool? (129978)

Can objects other that users be added to or removed from AD groups with vastool? The command searches Active Directory for samaccountname. RESOLUTION 1: The vastool group command looks for the samaccountname object in AD to add to the group. ...

How do I setup Apache Web Access and protect a website? Where to download MAV for apache? (84231)

How do I setup Apache Web Access and protect a website? Where can I download Mod-Auth-Vas? Download and install mod_auth_vas plugin from http://rc.quest.com/topics/ mod_auth_vas/. run # sh ./setup-mod_auth_vas. To ...

SSH root logins are allowed and should not be (27992)

Users are able to directly log in as the "root" account, providing they supply the correct password. The default setting in some versions of openSSH for "PermitRootLogin" is "yes". 1 - Modify the " PermitRootLogin" parameter in the relevant SSH config file. ...

On HPUX ls -l doesn't resolve UIDs or GIDs into names (69663)

When doing an ls -l in a directory with Unix Enabled QAS users, the UIDs and GIDs are not being resolved into names. eg bash# /sbin/ls -l drwx----- 2 1001 1000 8192 Dec 17 2009 vasuser. However, running a # /usr/bin/ls -l does resolve the IDs into names. ...

Cannot login with users setup as permanent disconnected users, when VAS is unable to communicate (22282)

Users setup as permanent disconnected users, cannot login when VAS is unable to communicate with Active Directory (AD). Which is contrary to what the pam_vas man page states: " [that] for persistent disconnected authentication ...

There is a problem with this Windows Installer Package installing msi packages / The installation directory cannot be determined (119869)

In Authentication Services 4.1 a number of msi files are available for install and msiexec installs from the command line are also available. Installing using msiexec on Windows Server 2008 will sometimes cause an error message ...

How to install or upgrade the Group Policy Extensions. Missing Unix settings in Group Policy Management Server (138673)

How to install or upgrade Group Policy Management Extension. Do not see "Unix Settings" on the Group Policy Management Server. 1 - Download the latest version of Authentication Services by going to. https://support.software ...

Authentication fails after join succeeds, spn is not correct (86911)

Authentication fails after join succeeds, spn is not correct. Unable to login to the server. configuration of resolv.conf is not correct. RESOLUTION 1: 1 - Add SEARCH entry to /etc/resolv.conf. 2 - /opt/quest/bin/vastool -u Administrator unjoin. ...

Groups not showing up or login fails in Authentication Services 4.1.0.21267 (140964)

Under certain conditions group do not show up in Authentication Services 4.1.0.21267. Group membership are missing from users. Logins could fail due to missing group membership on access groups. Product Defect in version ...

QAS-VAS 4.0.3 Maintenence Fix changelog and download link (82767)

----- QAS 4.0.3 Maintenance Fix Release Notes -----. This is a Maintenance Fix Release for QAS 4.0.3. Below is a ...

MCU not validating AD credentials (125630)

Users can log into the Managment Console for Unix (MCU) with their AD accounts and can perform all the functions that do not require AD credentials (such as profiling systems and installing QAS). However anything that does ...