Configuring VSJ for multiple domains for a web/stand alone JAVA client.
Back Ground:We have an existing Kerberos utility (developed using sun GSS API), which can be used by either web application/a standalone java based application to accept service ticket for a specific...
View ArticleVAS_ERR_DNS: Unable to look up any DNS SRV records for domain
Hi, I am running AIX5.3 with VAS agent 3.3.1.83. I get an error when running the join command to join the server to AD domain...It takes a long time to check if the computer is already joined to a...
View ArticleStuck with kerberos authentication to Sharepoint
I have to connect to MS IIS server using SPNEGO token with Kerberos ticket inside, exactly as Internet Explorer does it.If I use java GSSManager.initiateContext() it does request tickets with incorrect...
View ArticleRegd: Constrained delegation not working with a standalon JAVA code.
Hi,I'm trying to use VSJ and written a standalone application to implement constrained delegation.Can any one of you please find the below mentioned active directory configurations and standalone Java...
View ArticleSFTP settings
I m trying to set up sftp in DEBUG and AUTH mode. Did not get it working. Are there any extra configs I need to check besides sshd_config line with those options.current...
View Articlemod_auth_vas and no way trusts.
If VAS was setup with a no-way-trust between two domains (two one-way trust, but the domains don't know anything about each other) can mod_auth_vas be configured to take advantage of this? I see in...
View ArticleIBM DB2 LDAP Plugin and Vintela DB2 Security Plugin
What is the difference between the DB2 LDAP Plug in provided by IBM and DB2 Security Plug in for LDAP from Vintela? Are they the same product? We just converted our IBM SP MPP server from NIS to VAS...
View ArticleSUDO requires local user password
Hi all,We have implemented QAS for our hp-ux and linux servers and for some set (DEV/TEST servers) we have implemented sudo with VGP with NOPASSWD for the sudo commands.Our security team raised a...
View ArticleBuilding mod_auth_vas-3,5,3.308 on AIX v5.3 fails
I am working to build the mod_auth_vas module with IBM's IHS 2.0.47.0 version of Apache. I am using IBM's C compiler as this is the default of the IHS version. The configure succeeds, but the link...
View ArticleNot seeing correct AD group membership using vastool
We have an AD group 'foo'. User Abe is added to it using AD tools. I cannot see this user in the group using vastool on Solaris. And of course the user cannot login. $ vastool list groups | grep...
View ArticlePutty 0.62 session menu with Windows 7
I've recently upgraded to Windows 7, and am enjoying the menu of open putty sessions displayed when I hover my mouse over the putty icon in my toolbar. HOWEVER, one aspect which bothers me is how the...
View ArticleFATAL ERROR: Server unexpectedly closed network connection in using Plink
Hi,Could any one please let me know why this error is occuring randomly while using Plink? Some days it works fine and suddenly it stops to work with this error message.FATAL ERROR: Server unexpectedly...
View ArticleSudo issue with NIS (QAS) groups in Ubuntu 12.04
Hi,We're running QAS 3.5.2.80 on the Ubuntu 12.04 beta and we're running into an issue with sudo. Our setup is a full NIS proxy setup where each host is its own proxy. Everything else works just fine,...
View ArticleNTLM SMB issue - Could not get valid NTLM challenge from ........
I'm trying to debug an issue with NTLM failback, I have the filter configured correctly as per any other deployments.I'm able to authenticate users correctly using Kerberos, but I have noticed in the...
View ArticleSingle Sign-On for Java 7 Not working
Hi, We have been using winSSPI.dll on client side from 3.2 package. This dll is not working anymore in JDK 7. The exception trace as follows : [DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos:...
View ArticleQAS - Using Text Replacement Macros in GPO Dynamic File Copy Source Path ?
Working with a customer where there a large number of unix hosts that require differing "user-override" files applied - ie for the same AD user - apply different overrides on different hosts. While it...
View ArticleProcessing order of user-overrides if directory is used
I'm look at putting together a solution for a rather complex user-override situation - using the user-override-directory - I've configured vasd to use the directory - and it appears to do so - however...
View Article2 Apache instances running with different Service Account
Hi all, I;m having trouble with on of 2 Apache instances. The VHOST seems to take well the HTTP.keytab and Server Principal configuration at the startup of the Apache Service.But when the first web...
View ArticleQAS and NTLMV2
We're getting ready to switch over to NTLMv2 exclusively in the AD world ... are there any negatie implications for a mixed deployment of mostly QAS 4X - with a few 3X stragglers in the mix?
View Article