When the Centrify adnisd daemon fails, the niswatch process should automatically restart it. Sometimes, the niswatch process starts the daemon, but adnisd fails again. This cycle repeats every 2-3 minutes.
The niswatch process is hard-coded to send an RPC (Remote Procedure Call) ping to address 127.0.0.1. If a firewall rule blocks all localhost (127.0.0.1) access, the ping will fail and niswatch will terminate the adnisd process.
This issue is resolved in 18.11, where the IP address used by niswatch can be configured by adding the following parameter to /etc/centrify/centrifydc.conf. In the example below, the value of 192.168.81.65 is the IP address of the adnisd host machine.
This will cause adnisd to route communications out to the network and back to the machine instead of using the loopback 127.0.0.1 address.
In addition, the adnisd process uses RPC (Remote Procedure Call) for communication. By design, adnisd will ask for a free port number from the default range of ports used by RPC. If the RPC ports are also blocked by a firewall, it is necessary to unblock two ports and configure adnisd to use those same two ports each time it starts up. To configure the adnisd ports, set the following parameters in /etc/centrify/centrifydc.conf. The values of these parameters can be any unused port. In the parameters below, the values 2555 and 2556 have been selected strictly as an example.
After making these changes, restart adnisd and run adreload:
# systemctl start adnisd
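A post-restart check, as an added example that is not Centrify's own code: it reads `rpcinfo -p` output and confirms that the NIS service registered with rpcbind is listening only on the pinned ports, so the firewall exception can stay limited to those two ports. It assumes adnisd, as a NIS server, registers as RPC program 100004 (ypserv); the function name and the sample rpcinfo listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Centrify code). Assumption: adnisd, being a NIS server,
# registers with rpcbind as RPC program 100004 (ypserv).
# Usage on a live host:  rpcinfo -p | check_nis_ports "2555 2556"

# Reads `rpcinfo -p` output on stdin; $1 is a space-separated list of pinned ports.
# Returns 0 if every ypserv registration uses a pinned port, 1 if any does not,
# 2 if ypserv is not registered at all (daemon down or still being restarted).
check_nis_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == 100004 {
            seen++
            if (!($4 in ok)) {
                printf "unexpected: ypserv v%s %s port %s\n", $2, $3, $4
                bad++
            }
        }
        END {
            if (!seen) { print "ypserv (100004) is not registered"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: ports pinned to the example values 2555 and 2556.
SAMPLE_PINNED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100004    2   udp   2556  ypserv
    100004    2   tcp   2555  ypserv'

# Constructed sample: ports handed out dynamically (834 and 836 are made up).
SAMPLE_DYNAMIC='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    836  ypserv'

printf '%s\n' "$SAMPLE_PINNED"  | check_nis_ports "2555 2556" && echo "pinned: ok"
printf '%s\n' "$SAMPLE_DYNAMIC" | check_nis_ports "2555 2556" || echo "dynamic: exit $?"
```

An exit status of 2 that recurs every few minutes matches the restart loop described at the top of this article, since the daemon is gone between niswatch restarts.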