Users are not being displayed as members of the 'Domain Users' group
For example the following command does not return all users that are members of the 'Domain users' group:
# /opt/quest/bin/vastool list group 'domain users'
By default, Quest Authentication Services does not include Windows primary group membership in Unix group membership.
Set the 'groups-skip-wpg = false' option in vas.conf to enable Windows Primary groups to display in group memberships.
This can be configured by running the following command:
# /opt/quest/bin/vastool configure vas nss_vas groups-skip-wpg false
The following is an extract from the man page for vas.conf:
-------------------------------------------
groups-skip-wpg = <true | false>
Default value: true
By default, QAS does not include Windows primary group membership in Unix group membership for performance reasons. This can be
enabled by setting the groups-skip-wpg option to false in the [nss_vas] section of vas.conf. This setting defaults to true.
However, since the Windows Primary Group is included in membership lists generated through an Authentication (either from the PAC
or from a Token-Groups update), once the user has authenticated on the host, the membership will be honored regardless of this
setting.
[nss_vas]
groups-skip-wpg = false
-------------------------------------------
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center