The following errors are seen for login attempts to the Centrify Client for Linux:
"The requested data or its dependent data was not found in the service"
The image below shows the error that appears when logging in using a direct SSH client, when the Unix authentication profile is not defined.
"invalid user name/password"
The image below shows the error that appears when logging in using a Centrify Web SSH, when the Unix authentication profile is not defined.
Starting in 18.5, all user logins (except for local users) to Centrify Client of Linux will require MFA. “Unix and Windows Server” login policy is used to determine how the user is authenticated. Note that this is a major behavioral change for users.
If the user does not have any valid authentication profile setup, he/she will be denied login whereas he/she is allowed to login in prior versions of Centrify Agent for Linux. MFA requirement for login can be disabled by setting the parameter pam.mfa.enabled to false in /etc/centrifycc/centrifycc.conf.
Please note: Role assignment must include computer objects from Groups or Computers in AD and 'Computer Login and Privilege Elevation' administrative rights. Users will not be able to login via the Centrify Agent unless this policy is defined.