Return
-
Title
Group command results showing up differently on machines -
Description
Group command results showing up different on machines -
Resolution
If a user logs into a system using a password, their groups should be mostly identical for any system on the domain. Domain local group memberships can change ( domain local groups are only supposed to show up when logging into the domain they are in. )If they don't log in with a password, vasd makes a best effort to get their current memberships using the tokenGroups attribute in AD, but that can be incomplete.( Especially cross domain. )Here is a command to see what groups are listed in a user's PAC:# /opt/quest/bin/vastool -u <user> auth groupsAlso /etc/opt/quest/vas/vas.conf setting differences and pam configuration could also cause different behaviour on machines.