Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-14300: Centrify NIS Service Fails and Cannot be Restarted by niswatch Daemon

Authentication Service ,  

9 May,19 at 04:44 PM

Problem:
  
When the Centrify adnisd daemon fails, the niswatch process should automatically restart it. Sometimes, the niswatch process starts the daemon, but adnisd  fails again.  This cycle repeats every 2-3 minutes.

Cause:
  
The niswatch is hard-coded to send an RPC (Remote Procedure Call) ping to address 127.0.0.1.  If a firewall rule is set that blocks all localhost (127.0.0.1) access, the ping will fail and niswatch will terminate the adnisd process.
  

 
Resolution:
  
This issue is resolved in 18.11 where the IP address that is used by niswatch is configurable by adding the following parameter into /etc/centrify/centrifydc.conf . In the example below, the value of 192.168.81.65  is the IP address of the adnisd host machine. 
  
e.g.
nisd.watch.net_addr: 192.168.81.65 

This will cause adnisd to route communications out to the network and back to the machine instead of using the loopback 127.0.0.1 address.

In addition, the adnisd process uses RPC (Remote Procedure Call) for communication.  By design, adnisd will ask for a free port number from the default range of ports used by RPC.  If the RPC ports are also blocked by firewall, it is necessary to unblock two ports and configure adnisd to use those same two ports each time it starts up.  To configure the adnisd ports, set the following parameters in /etc/centrify/centrifydc.conf. The values of these parameters can be any unused port.  In the parameters below values of 2555 and 2556 have been selected strictly as an example.
   
e.g.
nisd.port.tcp: 2555 
nisd.port.udp: 2556 

After making these changes, restart adnisd and run adreload
  
e.g.
# systemctl start adnisd
# adreload


 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles