Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-46201:AD users no longer valid after patching SUSE12 SP3

Authentication Service ,  

28 December,20 at 04:18 PM

After applying OS patches to a SUSE 12.3 machine provisioned active directory users are not able to login to the machine, although the
"adinfo" command  shows the system is in connected mode.

Environment Specifics:
SELINUX is enabled and enforcing and the system is also running the NSCD process.

This issue is caused by SELINUX now being available for use on the SUSE12 SP3 OS.
 Centrify does not currently install the SELINUX module for SUSE. 
We see that when SELINUX is changed to permissive mode using
"setenforce permissive" that getent passwd works fine.
But when SELINUX is in enforcing mode, it behaves erratically - sometime it works, some times it does not.
This is because the NSCD process cannot access adclient over the unix socket (daemon2).

If allowed in your environment SELINUX can be disabled or set to permissive or the NSCD process must be turned off.
Alternalty you can build the centrifydc selinux policy on SUSE12 and install it.

1) Make sure the selinux-policy-devel package has been installed. Or install it from YAST.
2) Login to SuSE12 SP3 machine, put  the attached centrifydc-2.te and centrifydc-2.fc into a directory(e.g. ~/DC-selinux).
3) Enter that directory, compile centrify selinux module.
cd ~/DC-selinux; make -f /usr/share/selinux/devel/Makefile
4) Install the selinux module.
sudo semodule -i ~/DC-selinux/centrifydc-2.pp

Release 2021 will include support SELINUX for SUSE 12 SP3 OS by default.