After logging in, particular users are being placed into a DirectAudit emergency shell. These users all use the same (subset of) shells.
Centrify DirectControl 5.2.2 and later on all platforms
When logging in with a specific shell (eg. /bin/csh), the user is placed into a DirectAudit emergency shell with the following message returned:
DirectAudit was run as -centrifyda and determined that the real executable to run is /bin/csh, however /bin/cdax/csh does not seem to exist, or the current user does not have appropriate execute permissions to start it. DirectAudit will now provide an emergency prompt. Please use this prompt to either replace /bin/csh with a known good shell binary (for instance: from media, backups or network), modify the execute permissions on /bin/csh, or to manually disable auditing. Note that as auditing for -centrifyda is currently broken, it is recommended that you avoid execution of any scripts which are interpreted by -centrifyda.
DirectAudit tries to maintain a backup copy of the default system shell, while this shell is not currently available, you may be able to mount the appropriate filesystem to retrieve and use that copy in recovery operations. Copies are kept in the following locations: /usr/share/centrifydc/bin/da.emergency.shell and /etc/centrifyda/da.emergency.shell
Type 'exit' to exit <DirectAudit Emergency Prompt>#
In the scenario above, the user is attempting to login with /bin/csh as their current shell. As far as DirectAudit is concerned, this shell does not exist. In order to successfully audit a shell, our auditing wrapper for the shell must be present. These wrappers are housed in /bin/cdax/ (ie. /bin/cdax/csh). These wrappers are generated when auditing is enabled (dacontrol -e) from the shells currently available to the system, as defined within /etc/shells.
If you encounter this issue, it can be remedied via the following steps:
(1) Ensure the shell exists on the system as an installed shell.
(2) Ensure the shell is listed within /etc/shells (or equivilent)
(3) Disable and re-enable auditing to refresh the auditing wrappers for available shells: