-
Title
Why does 'vastool list user' output look different in Quest Authentication Services (QAS) version -
Description
Why does 'vastool list user' output look different in Quest Authentication Services (QAS) version 4.0.x?
E.g.:
4.0.x:
vastool list user testuser
EXAMPLE\testuser:VAS:901:20:testuser:/home/testuser:/usr/bin/ksh3.5.2:
vastool list user testuser
testuser@example.com:VAS:901:20:testuser:/home/testuser:/usr/bin/ksh -
Resolution
Some of the default settings behaviour in QAS 4.x have changed since QAS 3.5. The default logon attribute was 'userPrincipalName' in 3.5. In 4.x the default logon attribute is now 'sAMAccountName'. The default behaviour has also changed for the 'user-full-upn' vas.conf setting and it is now set to 'false'.
To see the full 'userPrincipalName' (UPN) you will need to do the following:1 - /opt/quest/bin/vastool configure vas nss_vas user-full-upn true
2 - /opt/quest/bin/vastool flush
-
Additional Information
Here is some more information about the setting:
user-full-upn = <true | false>
Default value: falseWhen set to true, nss_vas displays the full userPrincipalName (UPN) of the user, otherwise it displays the UPN prefix.
NOTE: Only use this setting when needed, and then test the application for compatibility for using "@" in a name, and test for long names
which result when using user-full-upn.ATTENTION: This option only applies if username-attr-name is set to userPrincipalName (UPN).
[nss_vas]
user-full-upn = true