Applies to: Centrify DirectControl all versions
Adding pam.homedir.perms to /etc/centrifydc/centrifydc.conf and restarting adclient, results in this parameter disappears from the centrifydc.conf file.
pam.homedir.perms setting has an "active" keyword so that local setting will be removed if not set via group policy. It's for backward compatibility (CDC 3.x/4.x has different registry key).
In Group Policy Object Editor, go to Computer Configuration, Centrify Settings, DirectControl Settings, Pam Settings, Set Home Directory Permissions, enable the GP and set to 0755. Then bring up a cmd prompt and run gpupdate. After replication, run "adgpupdate" as root or user with sudo privileges on linux/unix machine. Now, you can see the GP applied in centrifydc.conf, grep on the file you should see:
Application is working as designed. NOTE: To disable group policy from modifying the "/etc/centrifydc/centrifydc.conf" file verify these two parameters are set to "true". If these parameters are set to "false" then the (Group Policy) will be able to update parameters in the "/etc/centrifydc/centrifydc.conf".
Run the following commands below after editing the "/etc/centrifydc/centrifydc.conf" file for updates to take effect.