Hello everybody,
I have been working on this issue for awhile now, and I am having no luck.
I am having an issue with Quest (VAS) authentication as user groups.
I am having an issue where a user can log into a RedHat server with no issues, but they cannot access a specific directory owned by a group (Permission Denied).
As root, I do a vastool flush on the server, and then I "su -" to the user. At that point I can access the directory with no issues.
I do an "ID" command, and I see the user is a member of about 11 groups.
Now for the fun part.......
I tell the user it is fixed, and then they LOGIN.
Of course, they can't access the directory. I log into the server and "su -" to the user and sure enough, the user can't access the directory.
I run the "ID" command again, and this time the user is showing as a member of a much larger number of groups.
I assume the directory access could be due to the user being a member of too many groups (even though one of the groups is the group they need).
I have tried to flush several times. I have even unjoined/rejoined the server. Still the same behavior ----- I do a flush as root and access is okay until the user logs in.
Then the number of groups the user is a member of increases and access is denied.
I assume that VAS calls the AD information differently durning the login process versus root doing a "su -" to the user.
Has anyone seen this issue before?
I've tried about everything, so any help would be appreciated.
Thanks,
Chuck