11 August,20 at 03:36 AM
Applies to: Centrify DirectControl all versions
Problem:
Adding pam.homedir.perms to /etc/centrifydc/centrifydc.conf and restarting adclient results in this parameter disappearing from the centrifydc.conf file.
Cause:
The pam.homedir.perms setting has an "active" keyword, so the local setting is removed if it is not set via group policy. This is for backward compatibility (CDC 3.x/4.x has a different registry key).
Workaround:
In Group Policy Object Editor, go to Computer Configuration, Centrify Settings, DirectControl Settings, Pam Settings, Set Home Directory Permissions, enable the GP and set it to 0755. Then open a cmd prompt and run gpupdate. After replication, run "adgpupdate" as root or as a user with sudo privileges on the Linux/UNIX machine. The GP is now applied in centrifydc.conf; if you grep the file you should see:
pam.homedir.perms: 0755
Application is working as designed. NOTE: To prevent group policy from modifying the "/etc/centrifydc/centrifydc.conf" file, verify that these two parameters are set to "true". If these parameters are set to "false", Group Policy will be able to update parameters in "/etc/centrifydc/centrifydc.conf".
gp.disable.all: false
gp.disable.machine: false
Run the following commands after editing the "/etc/centrifydc/centrifydc.conf" file for the updates to take effect.
#adreload
#adflush
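
To confirm what ended up in the file after "adgpupdate", the following read-only check reports the effective pam.homedir.perms value, whether group policy or the local file controls it, and whether the mode grants group or other write access. It is an added example, not Centrify code: the function names conf_get and homedir_perms_status are hypothetical, the "key: value" syntax is taken from the lines shown above, and a missing gp.disable.* key is assumed to count as "false".

```shell
#!/bin/sh
# Added example: read-only check of a centrifydc.conf-style file.

# conf_get FILE KEY: print the last uncommented "KEY: value" value (empty if absent).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# homedir_perms_status FILE: one-line summary of the settings discussed above.
homedir_perms_status() {
    perms=$(conf_get "$1" pam.homedir.perms)
    all=$(conf_get "$1" gp.disable.all)
    machine=$(conf_get "$1" gp.disable.machine)
    # Per the note above, group policy stops rewriting the file only when both
    # parameters are "true". Assumption: a missing key counts as "false".
    if [ "$all" = "true" ] && [ "$machine" = "true" ]; then
        managed=local
    else
        managed=gp
    fi
    # Flag modes that grant group or other write access (octal mask 022).
    case $perms in
        ''|*[!0-7]*) loose=unknown ;;
        *) if [ $(( 0${perms#0} & 022 )) -ne 0 ]; then loose=yes; else loose=no; fi ;;
    esac
    echo "perms=${perms:-unset} managed_by=$managed loose=$loose"
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# pam.homedir.perms: 0700
pam.homedir.perms: 0755
gp.disable.all: false
gp.disable.machine: false
EOF
homedir_perms_status "$sample"
rm -f "$sample"
```

On a joined machine, call homedir_perms_status /etc/centrifydc/centrifydc.conf; "perms=unset managed_by=gp" matches the problem described above, where a local value was removed because no group policy sets it.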