KB-2471: Apache PAM access failure

Centrify DirectControl, Centrify DirectControl Plugins

12 April,16 at 11:10 AM

Applies to: Centrify DirectControl 5.0.x and Apache HTTP SSO module 4.4.3.

Problem:

After installing the Centrify DirectControl 5.0.x agent and the Centrify Apache module on a Linux box, the default Apache page cannot be accessed with AD credentials.

Here is an example:

1. In /etc/pam.d, the "login" file is copied to "cdcapache".
2. In DirectManage (console), there is a Right: PAM Access > cdcapache.
3. In DirectManage, there is a Role: WEB-ONLY, which contains an AD group called "Non-Domain Users".
4. In ADUC, there is an AD group called "Non-Domain Users" containing a few users.
5. In the Apache config file, the group and users are set so that they can log in only from one particular server ("rover" in this instance).
6. In httpd.conf, the following lines are configured:

Include /usr/share/centrifydc/apache/samples/conf/centrify22.conf

<Directory /var/www/html/CentrifySafe>
    AllowOverride All
    AuthType CENTRIFYDC
    AuthName WebNative
    EnableBasicAuth true
    EnablePamAuth true
    PamService /etc/pam.d/cdcapache
    EnableNtlmAuth false
    EnableKerberosAuth false
    EnableNtlmReprompt false
    IdentityType custom:_unixName
    Require valid-user
    Options ExecCGI
</Directory>


Here is the error message:

/usr/share/centrifydc/apache/bin/checkpwd: symbol lookup error: /usr/share/centrifydc/apache/bin/checkpwd: undefined symbol:_ZN4cims5PropsEb
[Mon Dec 05 15:19:32 2011] [error] [client 127.0.1.1] Failed to validate password of user x-testone via PAM service /etc/pam.d/cdcapache for URI /CentrifySafe. Error: Unspecified error, referer: http://127.0.1.1

Cause:

Centrify's checkpwd (/usr/share/centrifydc/apache/bin/checkpwd) failed to run because it could not load all of its libraries, due to a library mismatch. The "symbol lookup error" in the log above is the visible sign of this.
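
The failure mode above, as an added triage example (not Centrify's code): a shell function that reads an Apache error log and separates password-validation failures that directly follow a loader "symbol lookup error" from those that do not. The sample log is constructed from the messages quoted in this article plus one hypothetical later failure (user x-testtwo); the function names are assumptions.

```shell
#!/bin/sh
# Added example: triage password-validation failures in an Apache error log.

# Constructed sample: the two messages quoted in this article, plus one
# hypothetical later failure (x-testtwo) with no loader error before it.
sample_log() {
cat <<'EOF'
/usr/share/centrifydc/apache/bin/checkpwd: symbol lookup error: /usr/share/centrifydc/apache/bin/checkpwd: undefined symbol:_ZN4cims5PropsEb
[Mon Dec 05 15:19:32 2011] [error] [client 127.0.1.1] Failed to validate password of user x-testone via PAM service /etc/pam.d/cdcapache for URI /CentrifySafe. Error: Unspecified error, referer: http://127.0.1.1
[Mon Dec 05 15:21:07 2011] [error] [client 127.0.1.1] Failed to validate password of user x-testtwo via PAM service /etc/pam.d/cdcapache for URI /CentrifySafe. Error: Unspecified error, referer: http://127.0.1.1
EOF
}

# Read a log on stdin. For each "Failed to validate password" entry print:
#   LOADER <user> <symbol>  if the previous line was a symbol lookup error
#   OTHER <user>            otherwise (look at credentials, role, PAM config)
classify_failures() {
    awk '
    /: symbol lookup error: / {
        sym = $0
        sub(/.*undefined symbol: */, "", sym)   # keep only the symbol name
        pending = 1
        next
    }
    /Failed to validate password of user / {
        user = $0
        sub(/.*password of user /, "", user)
        sub(/ via PAM service.*/, "", user)
        if (pending) print "LOADER " user " " sym
        else         print "OTHER " user
        pending = 0
        next
    }
    { pending = 0 }   # any other line breaks the pairing
    '
}

# On the affected host: list symbols the dynamic linker cannot resolve.
unresolved_symbols() {
    ldd -r "$1" 2>&1 | grep 'undefined symbol' || true
}

sample_log | classify_failures
```

A LOADER result means the helper never evaluated the password, so those entries should not be counted as failed logins for that user.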


Workaround:

Downgrade the Centrify DirectControl Agent to version 4.4.4 or 4.4.3. 

 

Resolution:

There is a code fix in Centrify Apache HTTP SSO module 4.4.4-568 and above. 
