Applies to: Centrify DirectControl 5.0.5 or below on RedHat 6.2
In Active Directory Users and Computers console, Account options "Do not require Kerberos Preauthentication" is checked in user's profile.
Attempting to ssh into a RedHat 6.2 server as this user will stall the session and eventually cause adclient to disconnect, following messages can be captured from debug log:
Jan 17 15:34:06 host adclient: DEBUG <fd:28 PAMVerifyPassword > dns.findkdc KDC locator for domain.com
Jan 17 15:34:52 host sshd: Invalid user rlevin1 from 123.456.789.123
Jan 17 15:34:52 host cdcwatch: ERROR cdcwatch detected adclient is not running properly (ping took 30 seconds)
Jan 17 15:35:21 host adclient: DEBUG <fd:27 PAMVerifyPassword > dns.findkdc KDC locator for domain.com
Jan 17 15:40:11 host cdcwatch: DEBUG lrpc.session New socket 8 (142709)
Jan 17 15:40:41 host cdcwatch: DEBUG cdcwatch signalling adclient with SIGABRT
Uncheck "Do not require Kerberos Preauthentication" option in ADUC for target user.
This has been fixed in Centrify DirectControl 5.1.0 and above.