Invalid AD Groups
All, we have experienced where bad or no longer valid AD groups are in users.allow, this negates authentication across the board. Version 4.1 QAS. Is this by design? Is there a stanza in vas.conf...
View ArticleSingle Sign-On for Java 7 Not working
Hi, We have been using winSSPI.dll on client side from 3.2 package. This dll is not working anymore in JDK 7. The exception trace as follows : [DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos:...
View ArticleNTLM SMB issue - Could not get valid NTLM challenge from ........
I'm trying to debug an issue with NTLM failback, I have the filter configured correctly as per any other deployments.I'm able to authenticate users correctly using Kerberos, but I have noticed in the...
View Articleproblem of vastool user checklogin
Hi experts!I am newbie for VAS.After installation of VAS 3.5 on both server(windows server 2003) and client(redhat5.2) according to the manual,I failed to login the linux client using a Unix enabled...
View ArticleRegd: Constrained delegation not working with a standalon JAVA code.
Hi,I'm trying to use VSJ and written a standalone application to implement constrained delegation.Can any one of you please find the below mentioned active directory configurations and standalone Java...
View ArticleUsing VAS Apache Module on Multiple Apache instances
Hi all, - I have a Web Server configured with 2 Apache Instances, each instance running as different user and port. - I configured the VAS module for Active Directory Authentication on both instances...
View Article2 Apache instances running with different Service Account
Hi all, I;m having trouble with on of 2 Apache instances. The VHOST seems to take well the HTTP.keytab and Server Principal configuration at the startup of the Apache Service.But when the first web...
View ArticleActive Directory Attributes that Unix Clients Care About
Is there a document around attributes in active directoery that the unix client cares about? IE uses memberUid but not msSFU30PosixMember for groups...
View ArticleQuest SAMBA Require non-shell users UNIX enabled flag in AD?
Hello,I am quickly trying to learn the basics of Quest Samba Version 3.0.30-Quest-325, OS = Solaris 10 (5.10)My question. We use this for our application to retrieve invoice images for the users to...
View ArticleI am getting page moved 302 error from Ajax call
By enabling logging, I see that authentication info is not found in the cache, when AJAX call is made, so vsj java filter is redirecting for authentication token. User is already authenticated and...
View ArticleSmartCard, OS X and QAS
Hi all. I'm currently looking at adding Macs to our Active Directory using QAS. Our users all use SmartCards to authenticate, and getting that working in OS X is the primary reason that I'm looking at...
View ArticleQAS - Using Text Replacement Macros in GPO Dynamic File Copy Source Path ?
Working with a customer where there a large number of unix hosts that require differing "user-override" files applied - ie for the same AD user - apply different overrides on different hosts. While it...
View ArticleProcessing order of user-overrides if directory is used
I'm look at putting together a solution for a rather complex user-override situation - using the user-override-directory - I've configured vasd to use the directory - and it appears to do so - however...
View ArticleLogin using VAS only possible with userid in capital letters
Hi, I have pretty new to VAS and we have an issue on one system where we are only able to log in using our userid in capital letters. On other systems we are perfectly able to login in using small cap....
View ArticleKerberos Error: Message Stream modified
Hi,I'm using SSO with BOXIR2 that use VSJ,the SSO is working fine until someday SSO is stop with below error messages:So how to fix this kinda error?5609 http-8080-Processor25 ERROR...
View ArticleClock skew error
[on behalf fo Rodney] Hi Team, We're using VSJ 3.3 in a web application (on Tomcat). During SSO with AD, users sometimes are not able to login and the error found in Tomcat STDOUT is : {ERROR}...
View Articlevas_ipc_connect: Error 13 calling connect (Permission denied)
Hi all,I'm having a strange issue with Authentication Services.The installation was apparently fine but where I enable an AD user to login on a joined Linux sistem, I log this stuffay 8 11:50:46...
View ArticleVAS / SAMBA how to
Hi,If I am using a stock samba version (3.0.20b-3.21-1370-SUSE) and trying to get VAS working with it, do I have to join the system twice in the domain? One for VAS (vastool join...) and other for...
View ArticleConfiguring VSJ for multiple domains for a web/stand alone JAVA client.
Back Ground:We have an existing Kerberos utility (developed using sun GSS API), which can be used by either web application/a standalone java based application to accept service ticket for a specific...
View Article