Applies to: All versions of Centrify DirectControl on Redhat 6.x

Question:

A local account is mapped to an AD account with same UID using the account override parameter pam.allow.override in centrifydc.conf 

I.e. the mapped localuser account is setup as follows :

pam.allow.override:  localuser

pam.mapuser.localuser:  localuser@mydomain.com

After the account is mapped, it is reported that 'whoami' returns an incorrect userId when logged in with localuser (AD account) and localuser@localhost (local user):  

Logged in as localuser
   whoami returns localuser

Logged in as localuser@localhost
   whoami returns localuser@localhost

Logged in as localuser again
   whoami returns localuser@localhost

As such, this issue will cause a major problem when changing passwords.

Why does it cache the wrong userId or point to the previous userId and not returning the last logged in userId?


Answer:

The problem in this case is nscd caching. When two users (AD and Local) share the same UID, nscd will remember the last logged in UID. When logging in, nscd will cache the UID and returns that UID, which is localuser@localhost, any subsequent login will have the same info. To get an updated UID, reset nscd by issuing the command:

nscd -i passwd

To clear the cache and rebuild the new set of caching, or just kill nscd and restart it.