Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2313: Enabling "Do not require Kerberos Preauthentication Kerberos Preauthentication" causes adclient to crash

Authentication Service ,  

12 April,16 at 11:11 AM

Applies to: Centrify DirectControl 5.0.5 or below on RedHat 6.2

Problem:

In Active Directory Users and Computers console, Account options "Do not require Kerberos Preauthentication" is checked in user's profile.

User-added image

Attempting to ssh into a RedHat 6.2 serverĀ as this user will stall the session and eventually cause adclient to disconnect, following messages can be captured from debug log:
Jan 17 15:34:06 host adclient[2961]: DEBUG <fd:28 PAMVerifyPassword > dns.findkdc KDC locator for domain.com
Jan 17 15:34:52 host sshd[29990]: Invalid user rlevin1 from 123.456.789.123
Jan 17 15:34:52 host cdcwatch[2962]: ERROR cdcwatch detected adclient is not running properly (ping took 30 seconds)
...
Jan 17 15:35:21 host adclient[30042]: DEBUG <fd:27 PAMVerifyPassword > dns.findkdc KDC locator for domain.com
Jan 17 15:40:11 host cdcwatch[30043]: DEBUG lrpc.session New socket 8 (142709)
Jan 17 15:40:41 host cdcwatch[30043]: DEBUG cdcwatch signalling adclient[30042] with SIGABRT

Workaround:

Uncheck "Do not require Kerberos Preauthentication" option in ADUC for target user.

Resolution:

This has been fixed in Centrify DirectControl 5.1.0 and above.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-3925: How to add Centrify parameter to a group policy articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-1937: Will Enabling NSCD Help Centrify? articleKB-6041: How to show current license type in use by adclient articleKB-1779: Adclient crashes/login slow for a migrated cross-domain user articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-2645: Centrify-enabled OpenSSH crashes while SSL is enabled in OpenLDAP articleKB-1662: How does adclient adjust system time (ntp/sntp)?