Welcome to our NEW support portal! We are now One Identity, with a dedicated support site. Learn more.

Authentication Services - Knowledge Base

Filter Your Results
Search All Products

Self Service Tools
Knowledge Base
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Featured Content
Slow Authentication with Solaris 10
QAS-VAS 4.1 Maintenance Release
Authentication Services 4.1 - Platform Support
User Cannot Login Troubleshooting
DROWN attack and MCU
Host Password Sync Issue
Support Technical Training
Contact Support
Contact Support

Search Knowledge Base by keyword

(Choose different product)



Sort By Last Updated
Displaying 1-25 of 2158
Policies not being applied when joined to a Windows 2012 R2 Server with SMB1 disabled (131056)

Group Polices are not being applied to systems that are joined to Microsoft Windows 2012 R2 Servers that have SMB1 disabled. Authentications are working as expected. QAS versions before 4.1.0.22739 only support SMB1 ...

Product(s): Authentication Services
Last Updated On: 5/17/2017
(0 Ratings) 1443 views
Getting UNKNOWN_USER and invalid user when logging in with lower case on AIX machines. (134749)

When logging in with a username in all lowercase, testuser, access is denied. # vastool list user testuser. DOMAIN\TestUser: VAS:1000:1000:Test User:/home/testuser:/bin/bash. # vastool list -o user testuser. testuser:VAS:1000 ...

Product(s): Authentication Services
Last Updated On: 5/17/2017
(2 Ratings) 5043 views
Does Authentication Services support Windows 2012? (104417)

Is Authentication Services supported on Windows 2012 server and Windows 2012 server R2 ? Yes, Authentication Services is supported connecting to Windows Server 2012 domain controllers including R2 version and installed on Windows 2012 servers. ...

Product(s): Authentication Services
Last Updated On: 5/17/2017
(2 Ratings) 2589 views
vgptool error Cannot recv: NT_STATUS_REMOTE_DISCONNECT (130754)

vgptool -d5 apply shows a similar error to the below: ERROR: Unable to copy the network GPT.INI. Unable to copy file from CIFS: Could not connect to any server: NT_STATUS_CONNECTION_REFUSED. Caused By: Cannot ...

Product(s): Authentication Services
Last Updated On: 5/17/2017
(0 Ratings) 1671 views
Built in group membership functions are returning incorrect return codes (229465)

The build in policy function vas_host_in_ADgrouplist() always returns 0 (server found at index zero), and vas_host_is_member() always returns 1 (server found in group). The problem was traced to the vas_computer_is_member ...

Product(s): Privilege Manager for Unix, Authentication Services
Last Updated On: 5/16/2017
(0 Ratings) 14 views
Does QAS support IPv6 only environments? (70167)

Does QAS support IPv6 only environments? Support for IPV6 was introduced in Authentication Services 4.1. Authentication Services was released in Sept, 2013. It is not supported in previous versions. There are some requirements ...

Product(s): Authentication Services
Last Updated On: 5/15/2017
(0 Ratings) 1876 views
QAS and pam_tally2 interaction (66042)

Account is locked when authenticating. Pam_tally2 locks the account when the user authenticates regardless of if the login was successful or unsuccessful. User is unable to authenticate again until the account lock has been cleared. ...

Product(s): Authentication Services
Last Updated On: 5/13/2017
(1 Ratings) 2832 views
Logins are slow using sshd (122343)

Slow logins are seen when logging in via ssh. The sshd daemon does a UseDNS (Domain Name System) reverse lookup of the client comming in and that can potentially add seconds to a login. In the sshd configuration file ...

Product(s): Authentication Services
Last Updated On: 5/12/2017
(0 Ratings) 1287 views
Authentication failures/slowness after 4.1.1 upgrade (228197)

After upgrading from QAS 4.0.3 to QAS 4.1.1 system performance is very slow and we are seeing a lot of messages like this in the messages file: Dispatcher::Child 20726(Authentication handler) busy for <40> seconds, sending kill signal. ...

Product(s): Authentication Services
Last Updated On: 5/12/2017
(0 Ratings) 11 views
Smartcard authentication over SSH (229256)

Is it possible to authenticate against a remote system using a smart card over SSH? It is possible to use smartcards to authenticate over ssh, however in order to do it you would need SSH software that supports that functionality. ...

Product(s): Authentication Services
Last Updated On: 5/9/2017
(0 Ratings) 2 views
User ticket encryption types uses arcfour-hmac-md encryption, even though only AES encryption typ (95999)

User ticket encryption types uses arcfour-hmac-md encryption, even though only AES encryption types have been specified in vas.conf. -- vas.conf entries: [libdefaults] default_realm = I.TS.HAL.CA.QSFT. ticket_lifetime = 36000 ...

Product(s): Authentication Services
Last Updated On: 5/3/2017
(1 Ratings) 3249 views
How to run a backtrace on a core file? (43706)

How to run a backtrace on a core file? After a segfault or process crash you may need to obtain more information. Backtraces can provide more detailed information. Operating system platforms have different methods of obtaining back trace information. ...

Product(s): Privilege Manager for Unix, Authentication Services, Privilege Manager...
Last Updated On: 4/28/2017
(0 Ratings) 5346 views
QAS Windows installation error: "-2147023293 ErrorCode: Fatal error during installation" (228877)

When attempting to install the latest version of QAS software on a Windows server the installer is failing with the message: Results. Installation failed: -2147023293 ErrorCode: Fatal error during installation. Package Errors. Core ...

Product(s): Authentication Services
Last Updated On: 4/27/2017
(0 Ratings) 3 views
Are Extended ASCII specials or symbol characters supported in users passwords? (51025)

When users attempt to logon using extended ascii characters they are not able to log in. The following error may be seen in log files: "KRB5KDC_ERR_PREAUTH_FAILED (-1765328360): Preauthentication failed" What characters are supported for users? ...

Product(s): Authentication Services
Last Updated On: 4/27/2017
(0 Ratings) 2222 views
Is there a way to force VASD .vasypd to exclude UDP ports from it's usable range? (228816)

vasypd starts on a random un-used UDP port. Can it be bound to a port or have a port excluded? RESOLUTION: Vasyp registers with the RPC Server to have a port assigned to it. There is no way to control or override this. Stopping ...

Product(s): Authentication Services
Last Updated On: 4/26/2017
(0 Ratings) 11 views
Authentication Services 4.1.2 Maintenance Fix changelog and download link (228689)

-----. Authentication Services 4.1 Maintenance Fix Release Notes -----. This is a Maintenance Fix Release for Authentication Services 4.1.2. ...

Product(s): Authentication Services
Last Updated On: 4/26/2017
(0 Ratings) 23 views
Authentication Services 4.1.1 Maintenance Fix changelog and download link. (225117)

----- Authentication Services 4.1 Maintenance Fix Release Notes -----. This is a Maintenance Fix Release for Authentication Services 4.1.1. ...

Product(s): Authentication Services
Last Updated On: 4/25/2017
(1 Ratings) 967 views
How to install SSO for SAP without joining QAS to the domain (85143)

How to install SSO for SAP without joining QAS to the domain. 1. Install the vasclnt package 2. Run the below command to configure the vas.conf, replacing YOURDOMAIN.COM # /opt/quest/bin/vastool configure realm YOURDOMAIN.COM. ...

Product(s): Authentication Services
Last Updated On: 4/21/2017
(0 Ratings) 2666 views
Man pages for vastool command - 4.1.1 (228506)

Man page entries for vastool command. Name. vastool — The QAS command line administration utility. Synopsis. vastool [-v] [-s] [-q] [-h [command] ] [-u username ] [-w password ] [-k keytab ] [-d level ] [-e level ] { command [ arguments ] }. Overview. ...

Product(s): Authentication Services
Last Updated On: 4/19/2017
(0 Ratings) 25 views
How can I capture a NSS debug on my *nix system? (30235)

Outline the steps required to enable NSS debugging on a non-AIX system. Steps for enabling (and disabling) NSS debugging. 1 - touch /var/opt/quest/ vas/.qas_id_dbg. Debug will start after 30 seconds in the file /tmp/qas_module ...

Product(s): Authentication Services
Last Updated On: 4/18/2017
(0 Ratings) 3299 views
How to create a keytab against an existing service account in Active Directory. (122644)

For various reasons a keytab may be required for use against an existing service account in Active Directory. To do this manually can be difficult. The script included in this article is designed to simplify this task. It does require ...

Product(s): Authentication Services
Last Updated On: 4/12/2017
(0 Ratings) 2777 views
Unable to connect via SSH into a Red Hat 6.x or 7.x. vastool status reports INFO: SELinux enabled (70022)

Unable to connect via SSH into a Red Hat 6.x or 7.x installation with Selinux enforced. Su'ing twice to Authentication Services works fine. vastool status reports INFO: SELinux enabled. WORKAROUND 1: 1 - Temporarily switch off selinux: echo 0 >/selinux/enforce. ...

Product(s): Authentication Services
Last Updated On: 4/11/2017
(0 Ratings) 9407 views
Installing/Uninstalling Quest Authentication Services in an IBM VIOS (77198)

For instructions Installing/Uninstalling Quest Authentication Services in an IBM VIOS please see the resolution below. VIOS restrictions. In order to maintain the level of control in VIOS, IBM greatly restricts actions of an administrative account on these systems. ...

Product(s): Authentication Services
Last Updated On: 4/11/2017
(0 Ratings) 2285 views
Unable to login and access policy denial incorrectly on Windows Server 2012 (117371)

Joined directly to Windows 2012 domain controller. /opt/quest/ bin/vastool user checkaccess user201 returns the following: ALLOWED [user=user201] [service=login]. Access Rule = [Allow Group - DOMAIN\access-group (users.allow)]. ...

Product(s): Authentication Services
Last Updated On: 4/10/2017
(2 Ratings) 3210 views
How to configure SSL for use with Jetty? How to setup certificate in MCU? (86932)

How to configure SSL for use with Jetty? How to setup certificate in Management Console for Unix? Basic steps. Generate or obtain a public/private key-pair and x509 certificate. Obtain a certificate from a known certificate authority ...

Product(s): Authentication Services
Last Updated On: 4/7/2017
(1 Ratings) 7370 views