Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-1661: Restart of adclient removes the pam.homedir.perms parameter from centrifydc.conf

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

11 August,20 at 03:36 AM

Applies to:  Centrify DirectControl all versions




Adding pam.homedir.perms to /etc/centrifydc/centrifydc.conf and restarting adclient, results in this parameter disappears from the centrifydc.conf file.




pam.homedir.perms setting has an "active" keyword so that local setting will be removed if not set via group policy. It's for backward compatibility (CDC 3.x/4.x has different registry key).




In Group Policy Object Editor, go to Computer Configuration, Centrify Settings, DirectControl Settings, Pam Settings, Set Home Directory Permissions, enable the GP and set to 0755.  Then bring up a cmd prompt and run gpupdate. After replication, run "adgpupdate" as root or user with sudo privileges on linux/unix machine. Now, you can see the GP applied in centrifydc.conf, grep on the file you should see:


pam.homedir.perms:  0755


Application is working as designed. NOTE: To disable group policy from modifying the  "/etc/centrifydc/centrifydc.conf" file verify these two parameters are set to "true". If these parameters are set to "false" then the (Group Policy) will be able to update parameters in the "/etc/centrifydc/centrifydc.conf".

gp.disable.all: false
gp.disable.machine: false

Run the following commands below after editing the "/etc/centrifydc/centrifydc.conf" file for updates to take effect.