AIX was recently upgraded to 7200-05-01.
This also applies to AIX 7100-05-07.
After the upgrade, UNIX-enabled AD users are no longer able to authenticate.
IBM has documented this issue under the following APARs.
RESOLUTION #1:
IBM has a fix for this. The APAR number to reference for AIX 7.1 is IJ29552 and for AIX 7.2 it is IJ29730.
PLEASE NOTE:
**The below recommendations are directed at customers using both LAM and Mapped User Mode**
The new AIX OS update requires the VASMU setting to be set explicitly. It is set in /etc/methods.cfg, with the authonly flag.
It can be set per user with the command:
chsec -f /etc/security/user -a SYSTEM=VASMU -s <username>
Or vastool / vasd can set it for all users in the mapped user file if this setting is disabled:
/opt/quest/bin/vastool configure vas vas_auth mapped-user-directory-auth-optional
Then re-apply the mapping with:
/opt/quest/libexec/vas/vasd/vas_muupd -f
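To confirm the change took effect, the following added example (not One Identity or IBM code) parses a file in /etc/security/user stanza format and lists accounts whose effective SYSTEM value is not VASMU. The function names, the sample file and its users are constructed for illustration; on a live AIX host, `lsuser -a SYSTEM <username>` reports the same attribute.

```shell
#!/bin/sh
# Added example: find accounts whose effective SYSTEM attribute is not VASMU.
# effective_system FILE USER -> prints USER's SYSTEM value; a user stanza
# without its own SYSTEM line inherits the value from the "default" stanza.
effective_system() {
    awk -v user="$2" '
        /^[ \t]*\*/ { next }                      # "*" starts a comment line
        /^[^ \t][^:]*:[ \t]*$/ {                  # stanza header, e.g. "bob:"
            stanza = $0; sub(/:[ \t]*$/, "", stanza); next
        }
        /^[ \t]+SYSTEM[ \t]*=/ {                  # SYSTEM = "value"
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
            if (stanza == user) own = val
            else if (stanza == "default") dflt = val
        }
        END { print (own != "" ? own : dflt) }
    ' "$1"
}

# audit_users FILE USER... -> prints one line per user not set to VASMU
# and returns 1 if any such user was found, 0 otherwise.
audit_users() {
    file=$1; shift; rc=0
    for u in "$@"; do
        v=$(effective_system "$file" "$u")
        if [ "$v" != "VASMU" ]; then
            printf '%s: SYSTEM=%s\n' "$u" "${v:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in stanza format (not real data; real files indent with tabs).
SAMPLE="${TMPDIR:-/tmp}/security_user.sample.$$"
cat > "$SAMPLE" <<'EOF'
* constructed sample
default:
        SYSTEM = "compat"
alice:
        SYSTEM = "VASMU"
bob:
        admin = false
carol:
        SYSTEM = LDAP
EOF
audit_users "$SAMPLE" alice bob carol || echo "accounts above still need SYSTEM=VASMU"
```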
RESOLUTION #2:
Switch over to PAM authentication from LAM authentication.
How to enable AIX to authenticate users via PAM instead of LAM
https://support.oneidentity.com/safeguard-authentication-services/kb/136434/