• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 25 subscribers
  • Views 9420 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

On AIX, can a user be a member of a secondary group locally defined on AIX but not on AD?

jon.scobie
over 6 years ago

I know this question has sort of been asked in the past but it was a long time ago so just wanted to see if that was still the case?

  • +1 over 6 years ago

    You can do this but the version of Authentication Services needs to be 4.1.0-21630 or higher for this to work as expected. It also requires a configuration setting in the vas.conf.

    This article here should cover the details.

     

    Leigh Grant

  • 0 over 6 years ago
    Luckily, we are on 4.1.0.21708 so doing :-
    /opt/quest/bin/vastool configure vas aix_vas include-local-group-memberships true
    and having the AD user in the local group did the trick.
    I'm a bit worried about the scenarios it is not recommended for, like DB2 but I'll try that out.
  • 0 over 6 years ago
    If the Resolution using the vas.conf setting conflicts on a given system based on those scenarios you can use the Workaround solution in that instance and it should work fine.

    IBM actually advised at one point that we should not mix the repositories but it ended up being a large inconvenience for many organizations and we felt that a configurable setting was the best approach.

    Leigh Grant
  • 0 over 6 years ago
    Well, it worked for me so that was a sensible decision as far as I'm concerned.