Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2943: Mapped local override account not returning correct id

Authentication Service ,  

12 April,16 at 11:10 AM

Applies to: All versions of Centrify DirectControl on Redhat 6.x


A local account is mapped to an AD account with same UID using the account override parameter pam.allow.override in centrifydc.conf 

.e. the mapped localuser account is setup as follows :

pam.allow.override:  localuser


After the account is mapped, it is reported that 'whoami' returns an incorrect userId when logged in with localuser (AD account) and localuser@localhost (local user):  

Logged in as localuser
   whoami returns localuser

Logged in as localuser@localhost
   whoami returns localuser@localhost

Logged in as localuser again
   whoami returns localuser@localhost

As such, this issue will cause a major problem when changing passwords.

Why does it cache the wrong userId or point to the previous userId and not returning the last logged in userId?


The problem in this case is nscd caching. When two users (AD and Local) share the same UID, nscd will remember the last logged in UID. When logging in, nscd will cache the UID and returns that UID, which is localuser@localhost, any subsequent login will have the same info. To get an updated UID, reset nscd by issuing the command:

nscd -i passwd

To clear the cache and rebuild the new set of caching, or just kill nscd and restart it.