Unix-enabled group listed in users.allow. That group contains another, nested non-unix-enabled group. Members of that second group are denied access. (4261412)

Unix-enabled group listed in users.allow. That group contains another, nested non-unix-enabled group. Members of that second group are denied access.

Unix-enabled group listed in users.allow. That group contains another, nested non-unix-enabled group. Members of that second group are denied access.

Test using the vas.conf setting expand-ac-groups.

From the vas.conf man page: expand-ac-groups

When processing access control groups, unroll memberships. This is slow, but will pre-populate ALL members of the groups. Nesting, cross domain, cross forest. After a join this might take a while to initially apply depending on number and size of groups and complexity of nesting.

(/etc/opt/quest/vas/vas.conf)

[vas_auth]
expand-ac-groups = true

This command will enter it automatically. You may need to restart the vasd daemon

# /opt/quest/bin/vastool configure vas vas_auth expand-ac-groups true

# /opt/quest/bin/vastool daemon restart vasd