Unable to login to a QAS host.
There was an entry in /etc/passwd file with the same username (duplicate username).
Delete or comment out the local username that is the same. (If this is not the case please read below 'Additional Information'.)
Troubleshooting user login issues:
1 - Can you list the user, i.e., vastool list user <username>?
If you cannot list the account, it may be missing the 'userPrincipalName' (UPN) or another Unix attribute. The UPN must be filled out:
- Go to Active Directory Users and Computers (ADUC), open the properties of the user’s account, select the "Account" tab and ensure the user logon name is filled in.
2 - Is the account in an access control group? If yes, list the group: vastool list group <groupname> - does it show the user as a member of the group?
3 - vastool nss getpwnam <username>
- Does the second field show VAS? If not there is probably a conflict with a local account. grep <username> /etc/passwd and grep <uid> /etc/passwd
4 - vastool user checkaccess <username> - Does it report "allowed"?
5 - vastool -u <username> kinit
- This will determine if the account can get a kerberos ticket.
6 - Is one method of authentication failing or more than one? To determine this test su - <username> and then again su - <username> and enter in a password. Then also test ssh to the account.
7 - vastool status
- Use this command to check the health of QAS.
8 - Check system logs. If errors are seen in log files when the user is denied access, search again for solutions containing the error message you are seeing.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center