12 April,16 at 11:10 AM
Applies to: All versions of Centrify DirectControl on Red Hat 6.x
Question:
A local account is mapped to an AD account with the same UID using the account override parameter pam.allow.override in centrifydc.conf.
That is, the mapped localuser account is set up as follows:
pam.allow.override: localuser
pam.mapuser.localuser: localuser@mydomain.com
After the account is mapped, it is reported that 'whoami' returns an incorrect userId when logged in as localuser (AD account) and as localuser@localhost (local user):
Logged in as localuser
whoami returns localuser
Logged in as localuser@localhost
whoami returns localuser@localhost
Logged in as localuser again
whoami returns localuser@localhost
As such, this issue will cause a major problem when changing passwords.
Why does it cache the wrong userId, or point to the previous userId, instead of returning the last logged-in userId?
Answer:
The problem in this case is nscd caching. When two users (AD and local) share the same UID, nscd remembers the last logged-in UID. At login, nscd caches the UID and returns that cached entry, which here is localuser@localhost, so any subsequent login gets the same information. To get an updated UID, reset nscd by issuing the command:
nscd -i passwd
This clears the cache and rebuilds a new set of cached entries. Alternatively, just kill nscd and restart it.
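A check to pair with the fix above, as an added example that is not part of the original article or of Centrify's tooling: it lists UIDs that more than one account name maps to, and invalidates nscd's passwd cache when the UID-to-name lookup does not return the expected name. The function names and the sample UID 10001 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit shared UIDs and check the UID -> name lookup.

# shared_uids: read passwd-format lines on stdin and print
# "uid:name1,name2" for every UID that maps to more than one name.
shared_uids() {
    awk -F: '
        NF >= 3 && $1 !~ /^#/ {
            if (!(($3, $1) in seen)) {
                seen[$3, $1] = 1
                names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
                count[$3]++
            }
        }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' | sort -t: -k1,1n
}

# uid_resolves_to UID NAME: succeed if the UID -> name lookup (the lookup
# whoami relies on, and the one nscd caches) returns NAME.
uid_resolves_to() {
    resolved=$(getent passwd "$1" | cut -d: -f1)
    [ "$resolved" = "$2" ]
}

# refresh_if_stale UID NAME: invalidate the nscd passwd cache when the
# lookup disagrees with the expected name. nscd -i must be run as root.
refresh_if_stale() {
    if uid_resolves_to "$1" "$2"; then
        echo "uid $1 resolves to $2"
    else
        echo "uid $1 does not resolve to $2; invalidating nscd passwd cache"
        nscd -i passwd
    fi
}

# Constructed sample in passwd format; UID 10001 is an assumed value.
SAMPLE='root:x:0:0:root:/root:/bin/bash
localuser:x:10001:10001::/home/localuser:/bin/bash
localuser@localhost:x:10001:10001::/home/localuser:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin'

# On a host, look up both names explicitly (assumes both resolve via NSS):
#   getent passwd localuser localuser@localhost | shared_uids
```

Any UID reported by shared_uids is one where whoami can legitimately return either name, so it is worth reviewing before relying on the cache reset alone.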