This article is to describe how to setup permanently or persistent disconnected users. Disconnected mode is when the machine is not able to communicate to the Active Directory Domain Controllers. User's who have laptops that travel should be setup this way on the laptop.
To set up a user for who will be travel with a laptop:
1. sudo /opt/quest/bin/vastool configure vas vas_auth perm-disconnected-users
2. Set the user's Service principal name
/opt/quest/bin/vastool -u setattrs serviceprincipalname
EXAMPLE: vastool -u administrator setattrs tuser1 serviceprincipalname vas/tuser1
3. Run the command sudo /opt/quest/bin/vastool flush
Before the user is going to travel it is recommend that you do the following:
1. Stop the vasd daemon
/opt/quest/bin/vastool daemon stop vasd
Note vastool daemon command is available on some version of QAS. You can also use /etc/init.d/vasd stop on Solaris or Linux.
2. Back up the /var/opt/quest/vas/vasd/*.vdb files and the /var/opt/quest/vas/authcache/*.vdb files
3. Test that the user can log in
Disconnected Authentication
When vasd is unable to contact the KDC or the Active Directory server, it reverts to disconnected mode. While in disconnected mode all NSS and PAM requests are resolved from the cache which is a sqlite database located in /var/opt/quest/vas/vasd directory
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center