KB-4760: AD users fail to log in via FTP when SELinux is set to enforcing

Authentication Service

12 April,16 at 11:22 AM

Applies to:
Centrify DirectControl 5.2/5.1.3 on Oracle Linux EL 5.10
After installing Centrify and joining a zone, an AD user cannot log in via ftp if SELinux is set to enforcing.
If SELinux is changed to permissive, it works fine.
Snippet of logs:
Installing policy module ...
libsepol.policydb_read: policydb module version 10 does not match my version range 4-6
libsepol.sepol_module_package_read: invalid module in module package (at section 0)
libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/targeted/modules/tmp/modules/CentrifyDC.pp.
/usr/sbin/semodule:  Failed!
Is there any reason why?
This is a known issue caused by an incorrect installation of the centrifydc SELinux policy module.
Customers can follow the steps below as root:
1) List the installed modules. Note that the Centrify DirectControl module (CentrifyDC) did not get installed; only CentrifyDC-openssh is listed.
[root@oracle510v3 ~]# semodule -l | grep -i centrifydc
CentrifyDC-openssh 1.0
2) Install the module with the command below.
[root@oracle510v3 ~]# semodule -i /usr/share/centrifydc/etc/centrifydc.pp 
3) CentrifyDC now shows up in the module list:
[root@oracle510v3 ~]# semodule -l | grep -i centrifydc
CentrifyDC-openssh 1.0
CentrifyDC 1.0.3
4) SELinux is now set to enforcing (getenforce reports the current mode):
[root@oracle510v3 ~]# getenforce 
5) ftp can now be attempted successfully:
[root@oracle510v3 ~]# ftp localhost 
Connected to localhost.localdomain.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): test
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
This is resolved in Suite 2015 (5.2.2).
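An added example, not Centrify tooling or part of the original article: a shell helper that checks the state the steps above establish. It matches the module name exactly, because the `grep -i centrifydc` used in steps 1 and 3 also matches CentrifyDC-openssh; the function names are hypothetical and the sample listings are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not Centrify tooling.

# has_module NAME: reads `semodule -l` output on stdin and succeeds only when
# column 1 equals NAME exactly, so "CentrifyDC-openssh" does not count as "CentrifyDC".
has_module() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit found ? 0 : 1 }'
}

# install_failed: reads policy installer output on stdin and succeeds when it
# contains the failure lines quoted in this article.
install_failed() {
    grep -Eq 'policydb module version [0-9]+ does not match|semodule: +Failed!'
}

# assess LISTING MODE: prints missing-module, not-enforcing, or ok.
assess() {
    listing=$1
    mode=$2
    if ! printf '%s\n' "$listing" | has_module CentrifyDC; then
        echo missing-module
    elif [ "$mode" != Enforcing ]; then
        echo not-enforcing
    else
        echo ok
    fi
}

# Constructed samples that mirror the listings in steps 1 and 3.
SAMPLE_BEFORE='CentrifyDC-openssh 1.0'
SAMPLE_AFTER='CentrifyDC-openssh 1.0
CentrifyDC 1.0.3'

# Live check, as root on the affected host: sh check.sh live
if [ "${1:-}" = live ]; then
    assess "$(semodule -l)" "$(getenforce)"
fi
```

A result of missing-module on a host in enforcing mode corresponds to the failing state described in this article; not-enforcing means an ftp login test on that host does not yet confirm the fix.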