Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4803: What is the impact of placing files before centrifyda in /etc/nsswitch.conf

Auditing and Monitoring Service ,  

26 December,14 at 10:09 PM

Question:
What is the impact of placing files before centrifyda in  /etc/nsswitch.conf?

Answer:
If you place 'files' in front of 'centrifyda' in /etc/centrifyda/centrifyda.conf, all the NSS calls are satisfied by /etc/passwd first.

Local users will be matched by this module, and the user's shell will be whatever it is stored in /etc/passwd.

Since the DA NSS module is not invoked, there is no software module that inserts the DA shell in the passwd entry returned to the login process.

This means all local users WILL NOT be audited, regardless of what the customer sets in their configuration.

You can still use per-command auditing for all users (which includes both local and AD users).

AD users should not be impacted. They will be audited as specified in their audit level.

The dainfo command will report "NSS Active" only when centrifyda is the first entry in nsswitch.conf.

If the you modify the file to have "files" first , the dainfo command  will not return the correct status ( AD users are being audited).
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-4291: What files are modified by Centrify DirectControl or DirectAudit during install & adjoin process articleKB-2835: DirectAudit 3.x and /etc/nsswitch.conf article[TIPS] A Centrify Server Suite Cheat Sheet articleKB-1274: Why is centrifyda/centrifydc before files in nsswitch.conf? articleKB-3925: How to add Centrify parameter to a group policy articleKB-8732: What is the Impact of Disabling SMBv1 (WannaCry) article[Security Corner] The Sarbanes-Oxley Act and Centrify Server Suite articleKB-2119: The impact of winbindd on Centrify Enabled Samba