12 April,16 at 11:09 AM
Applies to: All versions of Centrify DirectControl on all platforms.
Problem:
After assigning a role to an AD Distribution group and adding AD users to the group:
Running dzinfo [AD user] on the UNIX side shows that the role is in place, but AD users cannot log in.
Running dzinfo [AD user] again will then show the role is now missing:
[root@rhel ~]# dzinfo test1
User: test1
Forced into restricted environment: No
Role Name       Avail Restricted Env
--------------- ----- --------------
(test1 has no roles assigned)
PAM Application Avail Source Roles
--------------- ----- --------------------
Privileged commands:
Name            Avail Command              Source Roles
--------------- ----- -------------------- --------------------
(test1 has no privileged command rights)
Running adflush -a as root (which flushes the authorization cache) restores the role assignment, but the role assignment goes missing again after the AD user logs in.
Cause:
AD Distribution groups are not supported, except via the ZPA.
Workaround:
In ADUC or the CDC console, change the group back to Security Group; it should then function properly.
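
To find which groups need the change described in the workaround, the following added example (not Centrify code) reads the AD groupType attribute from an LDIF export and lists the groups that are Distribution rather than Security. It assumes the groups were exported as LDIF, for example with ldapsearch; the group names and DNs in the sample are constructed.

```python
# Added example: classify AD groups from LDIF text by their groupType attribute.
import re

SECURITY_ENABLED = 0x80000000  # ADS_GROUP_TYPE_SECURITY_ENABLED bit
SCOPES = {0x2: "Global", 0x4: "DomainLocal", 0x8: "Universal"}

# Constructed sample, shaped like an LDIF export of (objectClass=group) entries.
SAMPLE_LDIF = """\
dn: CN=unix-admins,OU=Groups,DC=example,DC=com
sAMAccountName: unix-admins
groupType: -2147483646

dn: CN=unix-dba,OU=Groups,DC=example,DC=com
sAMAccountName: unix-dba
groupType: 2

dn: CN=unix-ops,OU=Groups,DC=example,DC=com
sAMAccountName: unix-ops
groupType: 8
"""

def classify(group_type):
    """Return (category, scope) for a groupType value as LDAP reports it."""
    flags = int(group_type) & 0xFFFFFFFF  # LDAP returns a signed 32-bit integer
    category = "Security" if flags & SECURITY_ENABLED else "Distribution"
    scope = next((name for bit, name in SCOPES.items() if flags & bit), "Unknown")
    return category, scope

def parse_groups(ldif):
    """Yield (sAMAccountName, groupType) for each blank-line-separated record."""
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = dict(line.split(": ", 1) for line in record.splitlines() if ": " in line)
        if "groupType" in attrs:
            yield attrs.get("sAMAccountName", attrs.get("dn", "?")), attrs["groupType"]

def distribution_groups(ldif):
    """Names of groups that are not security-enabled."""
    return [name for name, gt in parse_groups(ldif) if classify(gt)[0] == "Distribution"]

if __name__ == "__main__":
    for name, gt in parse_groups(SAMPLE_LDIF):
        print(name, *classify(gt))
    print("Change to Security Group:", distribution_groups(SAMPLE_LDIF))
```

Any group in the resulting list that holds a role assignment is a candidate for the workaround above.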