Applies to: DirectControl on Red Hat Linux
Grid Control failed to run job with service account in Active Directory
/etc/pam.d/emagent (from Oracle) does not use the normal include directive for "system-auth", which would have pulled in the directives for CentrifyDC. As a result, the service account from Active Directory did not pass through the Centrify PAM modules.
Modify /etc/pam.d/emagent to include the following lines:
auth sufficient pam_centrifydc.so
auth requisite pam_centrifydc.so deny
account sufficient pam_centrifydc.so
account requisite pam_centrifydc.so deny
session required pam_centrifydc.so homedir
password sufficient pam_centrifydc.so try_first_pass
password requisite pam_centrifydc.so deny
Note: it is important that these lines be at the beginning of the file - before other lines.
Then restart the Oracle EM agent(s) to reload these directives.
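A quick way to confirm the edit before restarting the agent, as an added example that is not part of the original article or of any Centrify or Oracle tooling: the function below checks that the first seven active directives in a PAM service file are exactly the lines listed above, in order. The function names are hypothetical, and the script assumes comments start with # as in standard PAM files.

```shell
#!/bin/sh
# Added example: verify that a PAM service file starts with the Centrify lines.

# The seven directives from the article, in the required order.
expected_centrify_lines() {
cat <<'EOF'
auth sufficient pam_centrifydc.so
auth requisite pam_centrifydc.so deny
account sufficient pam_centrifydc.so
account requisite pam_centrifydc.so deny
session required pam_centrifydc.so homedir
password sufficient pam_centrifydc.so try_first_pass
password requisite pam_centrifydc.so deny
EOF
}

# Print the active directives of FILE: comments and blank lines removed,
# runs of spaces/tabs collapsed so formatting differences do not matter.
active_directives() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -v '^$'
}

# Return 0 if the Centrify lines come first, 1 if not, 2 if unreadable.
check_emagent_pam() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    want=$(expected_centrify_lines)
    got=$(active_directives "$file" | head -n 7)
    if [ "$want" = "$got" ]; then
        echo "OK: Centrify directives are first in $file"
        return 0
    fi
    echo "FAIL: first active directives in $file are:" >&2
    echo "$got" >&2
    return 1
}

# Run against a file given on the command line, e.g. /etc/pam.d/emagent.
[ $# -eq 0 ] || check_emagent_pam "$1"
```

A failure here means another directive is evaluated before the Centrify modules, which is the condition the note above warns about.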
Oracle also has a KB article on this; please check their website for the following article:
How to Configure the Grid Control Agent for PAM and LDAP? [ID 422073.1]
Additionally, if you see the following errors in the Oracle Enterprise agent when running under TRACE, you need to create a symbolic link named libpam.so that points to libpam.so.0.81.5, under /lib on 32-bit machines or under /lib64 on 64-bit machines (ln -s libpam.so.0.81.5 libpam.so):
2010-12-02 20:47:52,157 Thread-1098135872 DEBUG Authentication: nmejcap: (PDP-auth) Exiting nmejcap_Process_PDP_Authenticate.
2010-12-02 20:47:52,162 Thread-1098135872 DEBUG Authentication: nmejcap.c: ret=157, buf=' LOG: Local Authentication Failed...Attempt PAM authentication...PAM failed with error: libpam.so: cannot open shared object file: No such file or directory '
2010-12-02 20:47:52,162 Thread-1098135872 DEBUG Authentication: nmejcap.c: ret=-10, buf=' LOG: Local Authentication Failed...Attempt PAM authentication...PAM failed with error: libpam.so: cannot open shared object file: No such file or directory '