Applies to: All versions of Centrify DirectControl on all supported platforms
Problem:
After installing Centrify DirectControl on an Oracle server and joining it to a domain, local accounts such as the Oracle service account are no longer working properly.
The following error may be seen when trying to run sqlplus:
ERROR:
ORA-01031: insufficient privileges
Cause:
A possible cause is the Oracle account is a member of the local group 'dba', which is also provisioned as an AD-enabled group and conflicts with the local dba group.
Resolution:
- Enable the following parameter in /etc/centrifydc/centrifydc.conf:
adclient.local.group.merge: true
- Save the changes and either run adreload or restart adclient using: /usr/share/centrifydc/bin/centrifydc restart.
- Retry the previous commands or query the group for example using:
getent group dba
The oracle account should now show up as a member.