Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4803: What is the impact of placing files before centrifyda in /etc/nsswitch.conf

Centrify DirectAudit ,  

26 December,14 at 10:09 PM

Question:
What is the impact of placing files before centrifyda in  /etc/nsswitch.conf?

Answer:
If you place 'files' in front of 'centrifyda' in /etc/centrifyda/centrifyda.conf, all the NSS calls are satisfied by /etc/passwd first.

Local users will be matched by this module, and the user's shell will be whatever it is stored in /etc/passwd.

Since the DA NSS module is not invoked, there is no software module that inserts the DA shell in the passwd entry returned to the login process.

This means all local users WILL NOT be audited, regardless of what the customer sets in their configuration.

You can still use per-command auditing for all users (which includes both local and AD users).

AD users should not be impacted. They will be audited as specified in their audit level.

The dainfo command will report "NSS Active" only when centrifyda is the first entry in nsswitch.conf.

If the you modify the file to have "files" first , the dainfo command  will not return the correct status ( AD users are being audited).
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-4291: What files are modified by Centrify DirectControl or DirectAudit during install & adjoin process articleKB-2835: DirectAudit 3.x and /etc/nsswitch.conf articleKB-3925: How to add Centrify parameter to a group policy articleKB-1274: Why is centrifyda/centrifydc before files in nsswitch.conf? articleKB-8732: What is the Impact of Disabling SMBv1 (WannaCry) articleKB-2119: The impact of winbindd on Centrify Enabled Samba articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6041: How to show current license type in use by adclient? articleKB-6040: How to change the license type in use after adclient successful joined to the AD?