Error: Cannot resolve access control group
In the Group policy management tool, if you choose "Add Custom" and type in the name and select User, it doesn't put the UPN into the users.allow file. Therefore QAS thinks it is a group instead of a user.
In the Group policy management tool when editing the users.allow file choose "Add User for users.
In the users.allow file the full UPN of the user must be in the file. For example: tuser1@cs-unix.ca
Here is some information from the users.allow.sample file:
-bash-3.00# more users.allow.sample
# Sample users.allow file
# This assumes that the host has been joined to the example.com domain.
# To validate users.allow file: vastool status allow
# Allow john and steve to log in. User names must be entered as user principal
# names (UPN). The use of UPN syntax is what differentiates users from groups.
john@example.com
steve@example.com
# Allow members of the sales group to log in.
sales
# Allow members in rc.red.example.com's tg-1-g to log in (domain\SAM account).
rc.red.example.com\tg-1-a
# Allow users that belong to the engineering OU.
ou=engineering,dc=example,dc=com
# Allow members in the example.com realm (domain) to log in.
@example.com
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center