KB-2394: Audit start fails with Auditclasses error

Centrify DirectControl

12 April,16 at 11:13 AM

Applies to:
All versions of Centrify DirectControl on AIX platforms only.
The following error may occur when trying to start auditing on an IBM server running Centrify DirectControl:
        # audit start
        Failed to update audit classes of user
        ** failed setting kernel audit objects
This has been seen on systems that use CentrifyDC for authentication. The problem occurs when a Centrify user has an active process in the process table and 'lsuser -a auditclasses <Centrify user>' returns a blank entry for auditclasses rather than not displaying auditclasses at all.
Every AIX system has a file called /etc/security/audit/config. Its "default" line has to be set. Without any default, adclient defaults to an empty string.
1) In the example below, the file /etc/security/audit/config shows:
        root = auth,audit,system,cron,passwd,obj1,obj2,obj3,obj4,sumon
        default = auth,audit,system,cron,obj1,obj2,obj3,obj4,sumon
2) There is another file called /etc/security/user. Open this file and go to the "default" section. There should be a line for auditclasses as follows; it should NOT be empty.
        auditclasses = auth,audit,system,cron,obj1,obj2,obj3,obj4,sumon
3) Cross-check that /etc/security/audit/objects has the following lines by default.
        w = "S_ENVIRON_WRITE"
        w = "S_GROUP_WRITE"
        w = "S_LIMITS_WRITE"
        w = "S_LOGIN_WRITE"
        r = "S_PASSWD_READ"
        w = "S_PASSWD_WRITE"
        w = "S_USER_WRITE"
        w = "AUD_CONFIG_WR"
4) After this, the command '# adflush' should be run to clear the cache.
5) The audit daemon should now start normally.
Centrify worked around this problem and confirmed it in the lab. On a Centrify server running Centrify DirectControl 5.x, the above steps were not needed.
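
A check for the two defaults from steps 1 and 2, added here as an example (it is not Centrify or IBM code). The function names stanza_attr and check_audit_defaults are hypothetical, the script assumes the root/default lines of step 1 sit in the users: stanza of the audit config, and the sample files at the end are constructed.

```sh
#!/bin/sh
# Added example: flags a missing or blank audit-class default (steps 1 and 2).

# Print the value of attribute $3 in stanza $2 of AIX stanza file $1.
# Prints nothing when the attribute is missing or its value is blank.
stanza_attr() {
    awk -v want="$2:" -v key="$3" '
        /^[ \t]*\*/ { next }                      # "*" starts a comment line
        /^[^ \t].*:[ \t]*$/ {                     # unindented "name:" opens a stanza
            sub(/[ \t]+$/, ""); in_st = ($0 == want); next
        }
        in_st {
            line = $0; sub(/^[ \t]+/, "", line)
            eq = index(line, "="); if (eq == 0) next
            name = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", name)
            if (name != key) next
            val = substr(line, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# Return 0 only if both defaults are non-empty.
# $1 = audit config file, $2 = user file (paths are passed in, not assumed).
check_audit_defaults() {
    rc=0
    cfg_default=$(stanza_attr "$1" users default)
    usr_default=$(stanza_attr "$2" default auditclasses)
    if [ -n "$cfg_default" ]; then echo "ok:   $1 users/default = $cfg_default"
    else echo "FAIL: $1 has no non-empty 'default' in users:"; rc=1; fi
    if [ -n "$usr_default" ]; then echo "ok:   $2 default/auditclasses = $usr_default"
    else echo "FAIL: $2 has no non-empty 'auditclasses' in default:"; rc=1; fi
    return $rc
}

# Constructed sample files (not from a real host): the config is correct,
# the user file carries the blank auditclasses entry this article describes.
demo="${TMPDIR:-/tmp}/auditclasses-demo.$$"
mkdir -p "$demo"
printf 'users:\n\troot = auth,audit,system\n\tdefault = auth,audit,system\n' > "$demo/config"
printf 'default:\n\tadmin = false\n\tauditclasses = \n' > "$demo/user"
check_audit_defaults "$demo/config" "$demo/user" || echo "=> set the default before 'audit start'"
rm -rf "$demo"
```

On the AIX host, call check_audit_defaults /etc/security/audit/config /etc/security/user from an account that can read both files, before running step 4.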

