Applies to: All versions of Centrify DirectControl on AIX platforms only.
Question:
In a situation where there is a local account and an AD/Centrify account with same name, what steps need to be taken to avoid login issues?.
Answer:
If the AIX account previously used local AIX authentication, then all user account artifacts must first be removed from AIX for AD to take control of logins:
1. First migrate local account from AIX to AD using Centrify migration tools (import it from CDC console).
2. On the AIX system, remove the local account from /etc/passwd, /etc/security/user and /etc/security/passwd
3. Add a stanza to /etc/security/user under root:
* CentrifyDC SYSTEM = "compat"
4. Verify that the Centrify account now works successfully.
Note: If login still failed, verify:
1. in /etc/security/login.cfg the line for 'auth_type = PAM_AUTH'
2. refer to IBM link: http://www-01.ibm.com/support/docview.wss?uid=isg3T1011226