Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-5966: Analyze fails for Solaris 11 in Deployment Manager

12 April,16 at 11:44 AM

Applies to:

All versions of Centrify DirectControl on versions of Solaris 11(.x)

Problem:

When running a 'Refresh Computer Information' or 'Analyze' process via Deployment Manager on Solaris 11(.x) machines and using DirectAuthorize for privilege elevation, the following error is observed:

"Cannot execute privileged command using DirectAuthorize
Cannot execute the privileged command in this computer using DirectAuthorize. Please define the role assignment for user 'rook' to allow executing all commands as root."

The history trace of the operation may show something similar to the following:

"
“History”: 
Connecting to 10.40.16.150... 
The operation has timed out.
---- ERROR DETAILS ---- 
Source: Centrify.Cfw.Core 
Type: System.TimeoutException 
Message: The operation has timed out. 
Help link:
---- STACK TRACE ---- 
at Centrify.Util.AsyncStream.Read(Byte[] buffer, Int32 offset, Int32 count) 
at Centrify.NetIO.Expector.Expect(Regex[] exprs, Boolean truncate) 
at Centrify.NetIO.NetIOBase.Send(String message, Boolean eatit, Boolean showInLog) 
at Centrify.NetIO.NetIOBase.SendLine(String message, Boolean eatit) 
at Centrify.NetIO.Ssh.NetShell.ExecuteCommandWithQuery(String command, IEnumerable`1 patterns) 
at Centrify.DeploymentManager.Task.ComputerTask.PrepareNetShellAndRun(RunArguments args, String ipOrHost)
"

Cause:


The issue is that the default shell for Solaris 11 is /bin/sh, which is a symlink to ksh93. ksh93 is notorious for some functionality discrepancies that it brings into the equation (it is very buggy). In this situation, ksh93 disallows us to set the PS1 or TERM variables, which is required for Deployment Manager to successfully connect and operate. Once we change the PS1 value, the shell misbehaves and sends unexpected control characters to the SSH client (in this case Deployment Manager).


Workaround:

1) Change the following parameter within /etc/centrifydc/centrifydc.conf 

nss.runtime.defaultvalue.var.shell: /bin/sh 

to 

nss.runtime.defaultvalue.var.shell: /bin/bash 


2) run 'adreload' on the machine 

3) Try to run a Refresh or Analyze through Deployment Manager once more.


Resolution:

This is a limitation of the default shell on Solaris 11(.x). The above workaround serves as the resolution if this issue should be encountered.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.