Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2438: adclient [daemon.warning] WARN <fd:22 NSSGetUserAttrDataByName

Authentication Service ,  

7 March,17 at 05:22 PM 


 
Applies to: All versions of Centrify DirectControl on Solaris platform.
 
Question:
The syslog is flooded with these messages every few minutes. NISmaps is not being used at all. Is there any reason for this.? 

=====
adclient[676]: [ID 702911 daemon.warning] WARN <fd:22 NSSGetUserAttrDataByName base.bind.cache
LDAP search CN=user_attr,CN=NisMaps,CN=zone1,CN=zones,OU=Centrify,OU=Services,DC=domain,DC=com:(&(description=lp)(!CN=\01*))) threw unexpected exception: ldap search, no such object; NO such object: 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of: 
Jun 8 19:51:19 COMPUTERNAME 'CN=NisMaps,CN=zone1,CN=zones,OU=Centrify,OU=Services,DC=domain,DC=com
Jun 8 19:51:19 COMPUTERNAME matched 'CN=NisMaps,CN=zone1,CN=zones,OU=Centrify,OU=Services,DC=domain, DC=com 
=====
 
Answer:
Centrify is responding to BSM calls (like getauusernam), but the (AD) container was not found. This is the result of a new feature to provide (backend) support for other NSS databases. Centrify will fix this to tune down the WARN messages in future releases.  
 
Centrify understands it is generating a lot of noise for syslog. We apologize for the inconvenience. Please ignore them for now or simply create empty nis maps for  - audit_user and user_attr  on Centrify DirectControl console side of things.
 
Select the Zone the machine is joined to, then go to 'Unix Data', expand and select -> NIS Maps, right click then select 'New' and select 'Generic Map' -> type 'Audit_user' and also create another generic map 'User_attr".
 
At the end of this KB, screenshots are available which show the creation of empty maps in the CDC console. They can be viewed on the portal.
 
You can also fix it on the Unix side of things as follows:
1) login as root and add this following line anywhere in /etc/centrifydc/centrifydc.conf 
    log.base.bind.cache: ERROR 
2) Save your change then restart centrifydc 
    What this will do is to only log ERROR level message. 
 
Note:
This is fixed in Centrify Direct Control 5.1.
Attachments:
audit_user.PNG
new_nis_maps.PNG

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-1425: adclient goes into "disconnected mode" articleKB-8996: PamUserLogout2 warn messages filling up syslog articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-1012: Error "/var/run/adclient.pid is not running" when attempting to start adclient articleKB-2095: Why does adinfo show "Warning! Unable to locate computer's subnet site in Active Directory. Please advise your system administrator." articleKB-1419: More than xxx groups in the zone, dynamically resetting adclient.zone.group. articleKB-3236: How to get Centrify to use only specific domains and avoid contacting blocked ones. articleKB-1390: Best practices for monitoring health of DirectControl agent