Applies to: All versions of Centrify Deployment Manager
Using Deployment Manager (DM), it is not possible to deploy Centrify software with an account that has root privileges on a server that is running NIS (legacy NIS, not adnisd). It is possible to deploy the software using the system's local root account.
The NIS account has full root access to the systems (it has a UID of 0 and a GID of 0), and it is possible to ssh into the machine with this NIS account to the console.
DM creates a temporary folder on the target system (the UNIX box) and copies the installation package into it. After that, DM makes sure that the data in the folder has not been compromised by running some validation checks, including a check of the folder's ownership.
In this environment, the deploying user is the NIS user, so DM creates the temporary folder and sets its ownership to the NIS user. When DM validates the ownership of the folder, the owner is reported as 'root' (because the NIS user is mapped to UID 0 on the local UNIX box). DM finds that the owner is not the same as the deploying user and deletes the temporary folder, which causes the deployment to fail.
The working folder /var/centrifydm/tmp must be owned by the current user. DM validates this by comparing the name of the user. The ownership of the folder must be validated by comparing the user ID (UID) instead of the user name.
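The following added example (not Centrify's code) models the name-based ownership check described above next to a UID-based one. The account table is constructed, "nisadmin" and "deploy" are hypothetical account names, and it assumes local files are consulted before NIS when a UID is resolved back to a name.

```python
# Constructed account database in lookup order: local files first, then NIS.
# "nisadmin" is a hypothetical NIS account mapped to UID 0, as in the article.
ACCOUNTS = [
    ("root", 0, 0),          # local /etc/passwd entry
    ("deploy", 1001, 1001),  # ordinary local account
    ("nisadmin", 0, 0),      # NIS entry that shares UID 0 with root
]

def uid_for(name):
    """Forward lookup: login name -> UID."""
    for entry_name, uid, _gid in ACCOUNTS:
        if entry_name == name:
            return uid
    raise KeyError(name)

def name_for(uid):
    """Reverse lookup: UID -> first matching name, as getpwuid() would return."""
    for entry_name, entry_uid, _gid in ACCOUNTS:
        if entry_uid == uid:
            return entry_name
    raise KeyError(uid)

def owner_ok_by_name(folder_uid, login_name):
    """Name comparison: resolve the folder's owner UID to a name, then compare."""
    return name_for(folder_uid) == login_name

def owner_ok_by_uid(folder_uid, login_name):
    """UID comparison: compare numeric IDs, whatever name the UID resolves to."""
    return folder_uid == uid_for(login_name)

def validate(login_name):
    """Model creating the working folder as login_name, then validating it."""
    folder_uid = uid_for(login_name)  # the filesystem stores only the numeric UID
    return {
        "by_name": owner_ok_by_name(folder_uid, login_name),
        "by_uid": owner_ok_by_uid(folder_uid, login_name),
    }

if __name__ == "__main__":
    for user in ("root", "nisadmin", "deploy"):
        print(user, validate(user))
    # A folder owned by another UID is still rejected by the UID check.
    print("foreign owner:", owner_ok_by_uid(1001, "nisadmin"))
```

For "nisadmin" the name check fails while the UID check passes, and a folder owned by a different UID is rejected either way.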
Centrify has fixed this issue with a special build (one-off version 5.1.2-387) that provides an option to verify ownership by UID instead of by user name. Support can be contacted for this version.
Note: Suite 2014 has this fix.
Check the attached Word document for detailed instructions on how to apply the fix.