A user with an entry in the users.deny file can log on and the 'vastool user checkaccess' command output shows "Access Rule = [NONE]"
The 'vastool user checkaccess <username>' command output displays:
--------------------------------------
ALLOWED [user=user01] [service=(any)]|
Access Rule = [NONE]
--------------------------------------
The user is only in the local users.deny access control file and therefore should be denied access.
Check if 'Log On To' is configured in the vas.conf file on the system.
Look for the following entry:
----------------------------------
[vas_auth]
use-log-on-to = true
----------------------------------
If this setting is configured, then any users with the 'Log On To' setting for this specific system will be able to log on.
This is expected behaviour, as the 'Log On To' access control will override any local access control files.
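
The vas.conf check described above can be scripted. This is an added example, not One Identity's own code. The function name log_on_to_enabled, the make_sample helper and the sample file contents are hypothetical, and the path to vas.conf is passed in as an argument.

```shell
#!/bin/sh
# Added example: report whether a vas.conf-style file enables use-log-on-to
# in its [vas_auth] section. Returns 0 = enabled, 1 = not enabled, 2 = unreadable.
log_on_to_enabled() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*#/ { next }                  # ignore commented-out lines
        /^[ \t]*\[/ {                        # section header, e.g. [vas_auth]
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            in_auth = (sec == "vas_auth")
            next
        }
        in_auth {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            # Conservative: flag any occurrence set to true (case-insensitive
            # matching is an assumption about how the value may be written).
            if (key == "use-log-on-to" && tolower(val) == "true") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample (not from a real host): the setting appears once
# commented out under a placeholder section and once active under [vas_auth].
make_sample() {
    cat > "$1" <<'EOF'
[other_section]
# use-log-on-to = true
example-option = 1

[vas_auth]
  use-log-on-to = true
EOF
}

sample=$(mktemp)
make_sample "$sample"
if log_on_to_enabled "$sample"; then
    echo "use-log-on-to is enabled: 'Log On To' overrides users.deny on this host"
fi
rm -f "$sample"
```

A return value of 0 on a host where a user in users.deny can still log on points to the 'Log On To' override described above.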