When analyzing a Solaris 11 machine via Deployment Manager and using DirectAuthorize for privilege elevation, an error is thrown: "Cannot execute the privileged command in this computer using DirectAuthorize...."
All versions of Centrify DirectControl on versions of Solaris 11(.x)
When running a 'Refresh Computer Information' or 'Analyze' process via Deployment Manager on Solaris 11(.x) machines and using DirectAuthorize for privilege elevation, the following error is observed:
"Cannot execute privileged command using DirectAuthorize Cannot execute the privileged command in this computer using DirectAuthorize. Please define the role assignment for user 'rook' to allow executing all commands as root."
The history trace of the operation may show something similar to the following:
" “History”: Connecting to 10.40.16.150... The operation has timed out. ---- ERROR DETAILS ---- Source: Centrify.Cfw.Core Type: System.TimeoutException Message: The operation has timed out. Help link: ---- STACK TRACE ---- at Centrify.Util.AsyncStream.Read(Byte buffer, Int32 offset, Int32 count) at Centrify.NetIO.Expector.Expect(Regex exprs, Boolean truncate) at Centrify.NetIO.NetIOBase.Send(String message, Boolean eatit, Boolean showInLog) at Centrify.NetIO.NetIOBase.SendLine(String message, Boolean eatit) at Centrify.NetIO.Ssh.NetShell.ExecuteCommandWithQuery(String command, IEnumerable`1 patterns) at Centrify.DeploymentManager.Task.ComputerTask.PrepareNetShellAndRun(RunArguments args, String ipOrHost) "
The issue is that the default shell for Solaris 11 is /bin/sh, which is a symlink to ksh93. ksh93 is notorious for some functionality discrepancies that it brings into the equation (it is very buggy). In this situation, ksh93 disallows us to set the PS1 or TERM variables, which is required for Deployment Manager to successfully connect and operate. Once we change the PS1 value, the shell misbehaves and sends unexpected control characters to the SSH client (in this case Deployment Manager).
1) Change the following parameter within /etc/centrifydc/centrifydc.conf
2) run 'adreload' on the machine
3) Try to run a Refresh or Analyze through Deployment Manager once more.
This is a limitation of the default shell on Solaris 11(.x). The above workaround serves as the resolution if this issue should be encountered.