Unable to su over to a user that is part of the nested group
Running the command:# vastool -u host/ attrs -b test-user tokenGroups gave the following error:
ERROR: The following attributes were not found: tokenGroups
ERROR: VAS_ERR_NOT_FOUND: Not found
The computer object (host/) did not have permission to read tokenGroups attribute on the user object
The permissions need to be changed to allow the computer object read the tokenGroups attribute on the user object
Here are several suggests to accomplish this:
1. Let the Everyone group read it.
2. Let the Authenticated Users group read it.
3. Let the Domain Computers group read it.
4. Create a group, make the computer objects a member of the group, then let that group read it.
/opt/quest/bin/vastool -u host/ attrs -b <username> tokenGroups