![]() If the auth command succeeds to troubleshoot the issue further narrow down what method of authentication is failing sshd, su, telnet, ftp, other. grep /etc/passwd and grep /etc/passwdĥ - Are you able to authenticate to QAS with the auth command? If not there is probably a conflict with a local account. Did it show the user a member of the group?Ĥ - Does the second field from the nss command show VAS? If yes list the group /opt/quest/bin/vastool list group. opt/quest/bin/vastool user checkaccess Does it report allowed?ĭoes it report WARNING: NSS lookup (getgrgid) for this user's primary group ID failed? If yes on AIX login will fail until the user has a resolvable primary GID to a name. ģ - Is the account in an access control group? Please note if -u host/ does not work use -u. opt/quest/bin/vastool -u host/ attrs loginShell opt/quest/bin/vastool -u host/ attrs unixHomeDirectory opt/quest/bin/vastool -u host/ attrs gidNumber opt/quest/bin/vastool -u host/ attrs uidNumber opt/quest/bin/vastool -u host/ attrs userPrincipalName If it fails and says is not a QAS user, or a system account., then check the following AD attributes are filled out: If you are not using a mapped users file then you should delete the local user and use OAT to migrate file permissions to the AD account. Then the local account will only be asked for. If QAS returns saying it is both a system account and a QAS user. If all the unix properties and upn are filled out the below command will return user is a QAS user. UPN must be filled out go to Active Directory Users and computer, go to the properties of the User’s account, go to Account tab and make sure the User logon name is filled in.Ģ - Is the user recognized as a QAS user? ![]() If you can not list the account, it maybe missing the User Principal Name (UPN) or a Unix attribute. Starling Identity Analytics & Risk Intelligence.Gerenciamento do ciclo de vida útil da conta do AD.Soluções de gerenciamento de acesso privilegiado.
0 Comments
Leave a Reply. |