Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1360: Working with Oracle Grid Control on Redhat Linux

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to: DirectControl on Redhat Linux

Problem:

Grid Control failed to run job with service account in Active Directory

Cause:

/etc/pam.d/emagent (from Oracle) does not use the normal include directive for "system-auth" (which would have included directives for CentrifyDC); which is why the service account from Active Directory did not pass through Centrify PAM modules.

Solution:

Modify /etc/pam.d/emagent to include the follwing lines:

#Centrify mod
auth       sufficient     pam_centrifydc.so
auth       requisite      pam_centrifydc.so deny
account    sufficient     pam_centrifydc.so
account    requisite      pam_centrifydc.so deny
session    required       pam_centrifydc.so homedir
password   sufficient     pam_centrifydc.so try_first_pass
password   requisite      pam_centrifydc.so deny

Note: it is important that these lines be at the beginning of the file - before other lines.

Then restart the Oracle EM agent(s) to reload these directives.

References:

Oracle also has a KB article on this, please check their website for the following article:

How to Configure the Grid Control Agent for PAM and LDAP? [ID 422073.1]

Additionally, if you see the following errors in Oracle Enterprise agent upon running under TRACE then you need to create a symbolic link under /lib to libpam.so.0.81.5 called libpam.so for 32 bit machines or under /lib64 if it is 64 bit (ln -s libpam.so.0.81.5 libpam.so).
 
2010-12-02 20:47:52,157 Thread-1098135872 DEBUG Authentication: nmejcap: (PDP-auth) Exiting nmejcap_Process_PDP_Authenticate.
2010-12-02 20:47:52,162 Thread-1098135872 DEBUG Authentication: nmejcap.c: ret=157, buf=' LOG: Local Authentication Failed...Attempt PAM authentication...PAM failed with error: libpam.so: cannot open shared object file: No such file or directory '
2010-12-02 20:47:52,162 Thread-1098135872 DEBUG Authentication: nmejcap.c: ret=-10, buf=' LOG: Local Authentication Failed...Attempt PAM authentication...PAM failed with error: libpam.so: cannot open shared object file: No such file or directory '

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.