-
Title
lsgroup ALL on AIX is returning duplicate Active Directory groups -
Description
When running lsgroup -a ALL on AIX Unix Enabled AD groups are being returned twice.
For example
# lsgroup ALL | grep vasgroup
vasgroup id=1000 users=karl,marcb,admin,nick registry=VASMU
vasgroup id=1000 users=karl,marcb,admin,nick registry=VAS
-
Cause
When joing the machine to AD we add both VAS and a VASMU registry to the methods.cfg file. Even though VASMU is specified as authonly, name service queries are being answered by it aswell the normal VAS registry.
-
Resolution
WORKAROUND 1
Use the -R option with lsgroup lookup to only query against the VAS registry
eg. # lsgroup -R VAS ALLWORKAROUND 2
If you are not using mapped-users on AIX, you can remove/comment out the entire VASMU registry section in the /usr/lib/security/methods.cfg file being careful to preserve the spacing in the file.
STATUS
Waiting for fix in a future release of Quest Authentication Services -
Change Request
25822