Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-14543: lslogins command not working with Centrify Agent

Authentication Service ,  

20 June,19 at 08:44 PM

Problem: lslogins command does not list root user when centrifydc is running

Cause: lslogins (from util-linux package) is sensitive to UID ordering.

Workaround: Modify 
the three lines within the nsswitch.conf file to switch the order of files and centrifydc.

Example below:

passwd: centrifyda centrifydc files
shadow: centrifydc files
group: centrifydc files

passwd: centrifyda files centrifydc
shadow: files centrifydc
group: files centrifydc

  • This is lslogins behavior - not something Centrify can "fix".
  • In general, it is preferred for "centifydc" to be first in NSS order (this is the order they are entered when Centrify is allow to update them automatically) because if there is conflict with local user (same name), then AD username will take precedence. With this change, the local user would take precedence.
  • centrifyda may not be present in your configuration file if you are not using DirectAudit