Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-14505: Local Users Cannot Login After an Upgrade to Centrify DirectControl and Centrify DirectAudit version 18.11

Authentication Service ,  

15 April,20 at 10:25 AM

Problem:
  
After an upgrade to Centrify DirectAudit and/or Centrify DirectControl version 18.11, some local users cannot login when DirectAudit is enabled but not running. When looking at the user profile on the machine via getent or adquery user, the shell shows as a non-executable such as /sbin/nologin, or /bin/false 

Cause:
  
This issue occurs on machines where AppArmor is enabled.  If there is a pre-existing file /etc/apparmor.d/adstractions/centrifyda, this file is not replaced with the proper abstractions during an update to Centrify DirectAudit and Centrify DirectControl.

Workaround:
  
Add the following policies to /etc/apparmor.d/abstractions/centrifydc or /etc/apparmor.d/abstractions/centrifyda
 
/usr/share/centrifydc/lib64/*  rm,
/proc/*/cgroup  r,

Stop and restart the AppArmor service
  
e.g.
# /etc/init.d/boot.apparmor stop
# /etc/init.d/boot.apparmor start

Resolution:
  
This issue is resolved in release 18.11 for SUSE 11 S390.  For other architectures, this issue will be resolved in a future release.

Related Articles

 No related Articles