One Identity has been named as an ASP "Ten Best Web Support Sites" award winner. Learn more.

Authentication Services - Knowledge Base

Filter Your Results
Search All Products

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Featured Content
Slow Authentication with Solaris 10
QAS-VAS 4.1 Maintenance Release
Authentication Services 4.1 - Platform Support
User Cannot Login Troubleshooting
DROWN attack and MCU
Host Password Sync Issue
Support Technical Training
Contact Support
Contact Support

Search Knowledge Base by keyword

(Choose different product)



Sort By Last Updated
Displaying 1-25 of 2187
The vastool status warning "smb-dialect-range ' - ' is invalid" is seen on Solaris systems running 4.1.2.23022 with smb-dialect-range set in vas.conf (232249)

The following status warning "smb-dialect-range ' - ' is invalid" on is seen Solaris systems running 4.1.2.23022 with the vas.cn smb-dialect-range set. The full message could look like this: # vastool status: awk: syntax error near ...

Product(s): Authentication Services
Last Updated On: 9/21/2017
(0 Ratings) 43 views
On AIX user not showing ID name but showing just the UID number. FAILURE: 612 /etc/security/user has default: registry setting (232864)

On AIX server with more that one repository on the system, QAS User viewing files it see's the UID number and not the name. /opt/quest/bin/vastool status reports FAILURE: 612 /etc/security/ user has default: registry setting <compat>. AIX only. ...

Product(s): Authentication Services
Last Updated On: 9/15/2017
(0 Ratings) 7 views
How to create users and how to unix-enable users on the command line. Commands for user creation scripts. (109277)

This article is to show examples of different commands to create users. How to unix enabling existing users on the command line with vastool command. How to create user and unix enable them at once. Commands that can be used in scripts to create users. RESOLUTION 1: ...

Product(s): Authentication Services
Last Updated On: 9/15/2017
(0 Ratings) 2473 views
QAS staying in disconnected state during disaster recovery tests (188644)

During disaster recovery (DR) tests, QAS is unable to connect to the domain controllers that have been set up in the DR environment. QAS is still attempting to connect to the DCs that were being used before the DR test and is unable to reach any of them. ...

Product(s): Authentication Services
Last Updated On: 9/14/2017
(0 Ratings) 826 views
Is there any way we can use commands trigger the server profiling within MCU? How to script MCU tasks. (232813)

Is there any way we can use commands trigger the server profiling within MCU ? How to script MCU tasks. MCU PowerShell Cmdlets and Unix CLI Commands could be used. PowerShell modules provide a "scriptable" interface to many mangement console tasks. ...

Product(s): Authentication Services, Privilege Manager for Sudo
Last Updated On: 9/14/2017
(0 Ratings) 14 views
Slow authentications for service accounts (232476)

For some service accounts which require many concurrent authentication sessions authentications (multiple authentications per second) can be delayed. There are some problems with the way multiple rapid authentications in QAS were handled between 4.1.0 through 4.1.2. ...

Product(s): Authentication Services
Last Updated On: 9/13/2017
(0 Ratings) 26 views
vasd daemon going into disconnected mode error VAS_ERR_CRED_NEEDED (116524)

The Authentication Services vasd daemon goes into disconnected mode and then will not reconnecct unless the daemon is restarted. The following message is seen in the syslog messages: parent_loop_body: Network state ...

Product(s): Authentication Services
Last Updated On: 9/13/2017
(1 Ratings) 6218 views
Authentication Services 4.1.3 Maintenance Fix changelog and download link (228689)

Authentication Services 4.1 Maintenance Fix Release Notes ----- This is a Maintenance Fix Release for Authentication Services 4.1.3. Below is a complete list of all included changes to the Authentication Services product ...

Product(s): Authentication Services
Last Updated On: 9/12/2017
(0 Ratings) 765 views
Error: "mapcache_update: search failed on filter vintela-nisMap" in the syslog. Mapcache update fails on domain controller (16593)

LDAP error received in the syslog regarding nismaps: mapupdate[3993]: mapcache_update: search failed on filter: (&(objectCategory=vintela-nisMap)( uSNChanged>=154525)), vas error = VAS_ERR_ NOT_FOUND: End of LDAP results for filter: "(&(objectCategory=vintela ...

Product(s): Authentication Services
Last Updated On: 9/12/2017
(1 Ratings) 1518 views
How to integrate QAS and NFSv4? (125565)

This document is to describe steps done to set up NFSv4 on Ubuntu 12.10 and Authentications Services. The steps would be similiar on other operating systems as well. Please note that NFS clients and servers are not supported. ...

Product(s): Authentication Services
Last Updated On: 9/11/2017
(1 Ratings) 2477 views
For customers who are in need of TLSv1.1 and TLSv1.2 support in MCU 2.5.1 the following steps are required: (232712)

NOTE: The ability to download Oracle JRE 1.6.0.121 or higher is REQUIRED. MCU 2.5.1 uses Jetty as its backend HTTP web server. Jetty relies on JAVA for its security protocols such as TLS and its cipher suites. In order to ...

Product(s): Privilege Manager for Unix, Authentication Services, Privilege Manager...
Last Updated On: 9/8/2017
(0 Ratings) 39 views
users.allow issue with newly created GPO policies (232606)

The GPO was not updating until it was first modified via Group Policy Management MMC. The GPO was created via script. Custom script issue. Create the GPO via Group Policy Manager MMC. We only support our MMC plugins and not custom scripts.

Product(s): Authentication Services
Last Updated On: 9/6/2017
(0 Ratings) 10 views
Does not override group id # if set as primary group. How to override primary group id (GID). (232634)

Does not override group id # if set as primary group. How to override primary group id (GID). Configuration issue. In order to override users' primary group ids (GIDs), you must use an user-override file and not a group-override file. RESOLUTION 1: ...

Product(s): Authentication Services
Last Updated On: 9/5/2017
(0 Ratings) 13 views
Intermittent slowness for one AD account (232612)

Intermittent slowness for one AD account Product Defect 693275 fixed in 4.1.1.22875. * vasd: Speed up the same account logging in over and over. Product Defect 713220 fixed in 4.1.2.23053. * auth: Fix issue with simultaneous logins introduced with the fix for 693275. ...

Product(s): Authentication Services
Last Updated On: 9/4/2017
(0 Ratings) 5 views
ERROR: No servers could be found.ERROR: VAS_ERR_NOT_FOUND: Not found (232610)

We consistently receive "no servers could be found" from a group of servers in remote data center. The error message is from "vastool info servers" command. Product Defect 680860 4.1.1.22843 * vasd: Better handle the situation where all in-site DCs are unreachable. ...

Product(s): Authentication Services
Last Updated On: 9/4/2017
(0 Ratings) 4 views
Unable to install Quest Authentication Services ActiveRoles Integration 2.1.0.442 (232549)

The following error is reported when the “Authentication Services ActiveRoles Integration Pack 2.1.0.442” in installed on the Active Roles server. “Unable to install Quest Authentication Services ActiveRoles Integration 2.1.0.442. ...

Product(s): Active Roles, Authentication Services
Last Updated On: 9/4/2017
(1 Ratings) 73 views
Sudo stops working for Non-Unix enabled groups when using sudo 1.8.15 or higher (232584)

The following type of entry in sudoers no longer works for non-Unix enabled Active Directory groups when using Sudo versions above 1.8.15: %myadmingroup ALL=(root) /bin/su, /usr/bin/su, /bin/su -, /usr/bin/su -. Where myadmingroup ...

Product(s): Authentication Services
Last Updated On: 9/1/2017
(0 Ratings) 2 views
FAILURE: 608 Pam errors when running vastool status (232557)

When "vastool status" is run the following errors are being reported: FAILURE: 608 Pam <password-auth><session> not configured for QAS. FAILURE: 608 Pam <system-auth><session> not configured for QAS. Running "vastool configure pam" doesn't fix the errors. ...

Product(s): Authentication Services
Last Updated On: 8/31/2017
(0 Ratings) 21 views
Management Console for Unix will not load in Internet Explorer 11 saying page cannot be displayed. Firefox Secure Connection Failed (211319)

While loading the Management Console for Unix in Internet Explorer 11 or Edge after an update it fails to load stating 'Page Cannot Be Displayed' and indicates a server error. Chrome gives "ERR_INVALID_HTTP_RESPONSE. ...

Product(s): Privilege Manager for Unix, Authentication Services, Privilege Manager...
Last Updated On: 8/30/2017
(1 Ratings) 1892 views
Weak SSL cipher on port 9443/tcp vulnerability on Management Console for Unix server. Security reports return MCU URL for concerns. (84560)

Security auditing is flagging a weak SSL cipher being used on port 9443/tcp. Management console for Unix (MCU) previosly known as Identity Manager for Unix (IMU) uses port 9443 You may need to enable the more secure ...

Product(s): Privilege Manager for Unix, Authentication Services, Privilege Manager...
Last Updated On: 8/30/2017
(0 Ratings) 5160 views
Slow authentication times for uncached users (232448)

When an AD account authentication occurs on some systems there is a delay of about 10 seconds. Once cached authentications are fast. This occurs with ssh, with sudo, and with our A/D application, but only on some systems. ...

Product(s): Authentication Services
Last Updated On: 8/28/2017
(0 Ratings) 37 views
"Upgrade reported success but could not validate upgraded package (vasclnt). May not be properly upgraded.” (226088)

When upgrading an AIX server from 4.1.0.x to 4.1.1.x via the Management Console for Unix (MCU) one or both of the following errors may be reported. "Upgrade reported success but could not validate upgraded package (vasclnt). May not be properly upgraded.”. ...

Product(s): Authentication Services
Last Updated On: 8/23/2017
(0 Ratings) 242 views
Incorrect DC selected for site with no DCs assigned to it (232294)

A QAS client that is in a domain and site that doesn't have any DCs assigned to it is selecting a DC from another domain. Is there a way to get QAS to use a DC from a nearby site that would be more appropriate? If there aren ...

Product(s): Authentication Services
Last Updated On: 8/23/2017
(0 Ratings) 38 views
How to create a keytab against an existing service account in Active Directory. (122644)

For various reasons a keytab may be required for use against an existing service account in Active Directory. To do this manually can be difficult. The script included in this article is designed to simplify this task. It does require ...

Product(s): Authentication Services
Last Updated On: 8/18/2017
(0 Ratings) 3045 views
KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341): Invalid cross-realm ticket (54961)

You have create a transit trust between 2 forest and tested and they work. You have followed the instruction in the KB Article SOL45637 but still authentication fails for cross forest users. root@stewie vastool -u testuser -e auth ...

Product(s): Authentication Services
Last Updated On: 8/17/2017
(0 Ratings) 2158 views