Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2394: Audit start fails with Auditclasses error

Authentication Service ,  

12 April,16 at 11:13 AM

Applies to:
All versions of Centrify DirectControl on AIX platforms only.
The following error may occur when trying to start auditing on an IBM server running Centrify DirectControl:
# audit start
Failed to update audit classes of user
** failed setting kernel audit objects
This has been seen when using CentrifyDC for authentication; the problem will be seen if a Centrify user has an active process in the process table and 'lsuser -a auditclasses <Centrify user>' returns a blank entry for auditclasses rather than not displaying auditclasses at all.
On any AIX system, there is a file called /etc/security/audit/config. The "default line" has to be set. Without any default, adclient defaults to an empty string.
1) In the below example, this file /etc/security/audit/config shows:
        root = auth,audit,system,cron,passwd,obj1,obj2,obj3,obj4,sumon
        default = auth,audit,system,cron,obj1,obj2,obj3,obj4,sumon
2) There is another file called /etc/security/user.  Open this file and go to the "default section", there should be a line for auditclasses as follows. It should NOT be empty.
auditclasses = auth,audit,system,cron,obj1,obj2,obj3,obj4,sumon
3) Cross-check if /etc/security/audit/objects has the following lines by default.
        w = "S_ENVIRON_WRITE"
        w = "S_GROUP_WRITE"
        w = "S_LIMITS_WRITE"
        w = "S_LOGIN_WRITE"
        r = "S_PASSWD_READ"
        w = "S_PASSWD_WRITE"
        w = "S_USER_WRITE"
        w = "AUD_CONFIG_WR"
4) After this, the command #adflush should be run to clear thecache.
5)  audit daemon should start normally.
Centrify worked around this problem and confirmed it in the lab.  On a Centrify server running Centrify DirectControl 5.x, the above steps were not needed.