SSO breaks when users come in via VPN
Hi,We're running into another issue in production. SSO (Vintela, Tomcat, AD 2003 authentication) works just fine if users access the website within their own desktops in the network. Now, when they...
View ArticleSingle Sign-On for Java 7 Not working
Hi, We have been using winSSPI.dll on client side from 3.2 package. This dll is not working anymore in JDK 7. The exception trace as follows : [DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos:...
View ArticleNot seeing correct AD group membership using vastool
We have an AD group 'foo'. User Abe is added to it using AD tools. I cannot see this user in the group using vastool on Solaris. And of course the user cannot login. $ vastool list groups | grep...
View ArticleSetting Login Shell to /bin/false for unix enabled users
Hello,We'd like to use vas to authenticate users on an ftp server but we only want to allow access via ftp, not ssh. Traditionally we'd set the users shell to /bin/false in /etc/passwd to accomplish...
View Articlevas_ipc_connect: Error 13 calling connect (Permission denied)
Hi all,I'm having a strange issue with Authentication Services.The installation was apparently fine but where I enable an AD user to login on a joined Linux sistem, I log this stuffay 8 11:50:46...
View ArticleSegmentation fault when mod_auth_vas finds no matches
Hello,We are using mod_auth_vas.so 3.6.7 with Oracle HTTP Server which is effectively Apache 2.0. Recently, we have noticed that an Apache process is terminated with a segmentation fault in case of...
View ArticleMAV & Load balanced server authentication problem
After the installation/configuration of mav using the latest r233 on each individual server, vas/mav is working as expected. Now we've got new problem setting up load balanced servers using mav/vas.Our...
View ArticleConfiguring VSJ for multiple domains for a web/stand alone JAVA client.
Back Ground:We have an existing Kerberos utility (developed using sun GSS API), which can be used by either web application/a standalone java based application to accept service ticket for a specific...
View Article2 Apache instances running with different Service Account
Hi all, I;m having trouble with on of 2 Apache instances. The VHOST seems to take well the HTTP.keytab and Server Principal configuration at the startup of the Apache Service.But when the first web...
View ArticleQAS and NTLMV2
We're getting ready to switch over to NTLMv2 exclusively in the AD world ... are there any negatie implications for a mixed deployment of mostly QAS 4X - with a few 3X stragglers in the mix?
View ArticleVAS User Group Membership Issues
Hello everybody, I have been working on this issue for awhile now, and I am having no luck.I am having an issue with Quest (VAS) authentication as user groups. I am having an issue where a user can log...
View Articlevastool flush - Loading user cache error
Does anyone have a list of the Loading User cache errors? I did a vastool flush and received the following error: Loading users cache: ..... Error while loading user cache: 16 I found some of the...
View Articlev4.1 or 4.0.3
I have a quick question. I would like to upgrade our UNIX components to QAS v4.1 from 3.5.2.12. While the company is considering upgrading to 4.1, we are currently at 4.0.3 in AD. If i go ahead to do...
View ArticleNot seeing correct AD group membership using vastool
We have an AD group 'foo'. User Abe is added to it using AD tools. I cannot see this user in the group using vastool on Solaris. And of course the user cannot login. $ vastool list groups | grep...
View ArticleQAS default group for UNIX-enabled user
What are the best practices for setting the default group for new UNIX-enabled users in QAS for a large deployment?We are about to embark on deploying the Quest products (ARS, QAS, QPM4U) on 1,000+...
View ArticleQAS uidnumber generation
We use ActiveRoles and Authentication Services to administer UNIX user attributes and our UNIX admins are having troubles with uidnumber re-use. For example a uidnumber assigned to a previous user that...
View ArticleSingle Sign-On for Java 7 Not working
Hi, We have been using winSSPI.dll on client side from 3.2 package. This dll is not working anymore in JDK 7. The exception trace as follows : [DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos:...
View Article2 Apache instances running with different Service Account
Hi all, I;m having trouble with on of 2 Apache instances. The VHOST seems to take well the HTTP.keytab and Server Principal configuration at the startup of the Apache Service.But when the first web...
View ArticleQAS and NTLMV2
We're getting ready to switch over to NTLMv2 exclusively in the AD world ... are there any negatie implications for a mixed deployment of mostly QAS 4X - with a few 3X stragglers in the mix?
View Article