-
Title
Unix clients not getting custom attributes. Unix attributes not appearing in Unix account tab -
Description
Authenticating to an Active Directory (AD) stops after upgraded to QAS 4.x on window side. Or post QAS upgrade to 4.x on windows side, the necessary UNIX attribute are not correctly populated into users accounts in UNIX Account tab in Active Directory Users and Computers.
-
Cause
CAUSE 1:
The schema configuration can be customized in the QAS 4.x Control Center. QAS 4 clients know to look in the Quest Authentication Configuration (QAC) for this kind of custom information, however QAS 3 clients do not have this capability.
CAUSE 2:
Custom attributes which were set previously through QAS or VAS configuration tool are no longer set
-
Resolution
RESOLUTION 1:
1 - To tell QAS 3 clients about custom LDAP attributes, add a line in the [vasd] section of /etc/opt/quest/vas/vas.conf, mapping the field to the custom LDAP attribute. For example, if the gecos field is mapped to the displayName attribute rather than the default gecos attribute, you can put in a line as below:
gecos-attr-name = displayName
The following attributes can be set this way:
uid-number-attr-name
gid-number-attr-name
gecos-attr-name
home-dir-attr-name
login-shell-attr-nameThese setting can also be made on QAS 4 clients to override the settings that the client gets from the Quest Authentication Configuration.
RESOLUTION 2:
To set the attributes globally for the 4.x clients, do the following;
1- Go to the Authentication Services Control Center2- Click on Preferences on the left panel3 - Click on ^ next to Custom Unix Attributes to expand it4 - Click on the blue Customize... link5 - Fill in the attributes you wish to use.The attributes set here are stored in the QAS Application Configuration (QAC) within AD.