Users exist in AD and were working fine before the upgrading to QAS 4.0.x. After the upgrade, no QAS users can login in. Attempting to su to the user will give the following error:
[root@host-a ~]# su - someuser
id: cannot find name for user ID 1234
id: cannot find name for user ID 1234
[I have no name!@host-a~]$
If user-hide-if-denied was set to true, nss getpwuid calls would fail even for users who were not denied, causing them to be denied access to the host.
This defect was fixed in QAS 4.0.1.59; upgrading to this version or higher will solve the problem. A workaround for this issue is to comment out the "user-hide-if-denied = true" line in vas.conf and restart vasd.
Bug 22888
* vasd: Fix vasd db handler sefault on login when hide-if-denied was enabled.
Bug 23243
* nss_vas: If user-hide-if-denied was set to true, nss getpwuid calls would fail
for users who were not denied causing them to be denied access to the box.
Bug 23276
* vasd: users.allow by-user rules could fail to process if hide-if-denied was
enabled, this has been fixed.
Bug 23282
* nss: getpwent could fail to return any VAS users if the first user processed
was denied access and hide-if-denied was enabled. Fixed.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center