Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1661: Restart of adclient removes the pam.homedir.perms parameter from centrifydc.conf

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

11 August,20 at 03:36 AM

Applies to:  Centrify DirectControl all versions

 

Problem:

 

Adding pam.homedir.perms to /etc/centrifydc/centrifydc.conf and restarting adclient, results in this parameter disappears from the centrifydc.conf file.

 

Cause:

 

pam.homedir.perms setting has an "active" keyword so that local setting will be removed if not set via group policy. It's for backward compatibility (CDC 3.x/4.x has different registry key).

 

Workaround:

 

In Group Policy Object Editor, go to Computer Configuration, Centrify Settings, DirectControl Settings, Pam Settings, Set Home Directory Permissions, enable the GP and set to 0755.  Then bring up a cmd prompt and run gpupdate. After replication, run "adgpupdate" as root or user with sudo privileges on linux/unix machine. Now, you can see the GP applied in centrifydc.conf, grep on the file you should see:

 

pam.homedir.perms:  0755


Resolution:

Application is working as designed. NOTE: To disable group policy from modifying the  "/etc/centrifydc/centrifydc.conf" file verify these two parameters are set to "true". If these parameters are set to "false" then the (Group Policy) will be able to update parameters in the "/etc/centrifydc/centrifydc.conf".

gp.disable.all: false
gp.disable.machine: false

Run the following commands below after editing the "/etc/centrifydc/centrifydc.conf" file for updates to take effect.

#adreload
#adflush

Related Articles

 articleKB-3925: How to add Centrify parameter to a group policy articleKB-6041: How to show current license type in use by adclient articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-0291: Recommended settings in centrifydc.conf for high load CPU servers articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-0390: What is adclient.cache.expires and adclient.cache.object.lifetime