12 April,16 at 11:02 AM
Applies to: All version of DirectControl on All platform
Problem:
After setting adclient.cache.encrypt to true, AD users are unable to login offline with cached credentials when adclient restarted or machine rebooted.
Cause:
Setting adclient.cache.encrypt to true, will encrypt all of the Active Directory data stored in the cache and more importantly the cache is flushed each time the Centrify DirectControl agent starts up. So if this feature is enabled either by manually setting adclient.cache.encrypt parameter in centrifydc.conf or via group policy the offline logins will get affected.
Resolution:
Set adclient.cache.encrypt to false and run adreload or disable the group policy in:
Computer Configuration > Centrify Settings > DirectControl Settings > Adclient Settings > Encrypt Adclient cahce data
and run adgpupdate.
KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS
KB-6040: How to change the license type in use after adclient successful joined to the AD?
KB-3925: How to add Centrify parameter to a group policy
KB-6041: How to show current license type in use by adclient
KB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)
KB-6038: How to specify the license type to use when joining the server to AD using adjoin?
Centrify 21.2 Release Notes
KB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role?
KB-6056: How to report the group policy settings that are in effect for the local computer?