Users can not authenticate using their Active Directory ID on one system. The following error message is present in the messages log:
There are two possible causes for this error:
The group included in the users.allow file cannot be found.
This machine has not been configured to use the VAS pam libraries. This can be confirmed by looking at the /etc/pam.conf file or the contents of the /etc/pam.d/ files and seeing that there are no lines using the pam_vas3 libraries.
If the group included in users.allow cannot be found then check the group in Active Directory and make sure
i. The group exists
ii. It is a Security Group not a Distribution Group
iii. The "Group name (pre-Windows 2000)" name matches the group name
Note that there is a defect in VAS versions 3.5.2.48 to 3.5.2.59 where the "vastool configure pam" command does not work correctly in all cases (Defect ID# 22212). In that case it is recommended to upgrade to a more recent version
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center