Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6099: Centrify DirectControl not able to authenticate AD user after Oracle RAC KRB5 module install on AIX

Authentication Service ,  

14 January,16 at 10:01 PM

Applies to:
Centrify DirectControl 5.2.3+ on AIX platform

Question:
Centrify DirectControl not able to authenticate AD user after Installing Oracle RCA KRB5 on AIX

Answer:
Centrify DirectControl and Oracle RCA KRB5 can coexist within the same server. DirectControl installs all its libraries in private directory under /usr/share/centrifydc - except PAM and NSS which has to be in system folder. Other component on the system will not use the Kerberos library shipped in DirectControl.

There might be problem with /etc/method.cfg file if you are experience the following
  1. Confirm adclient is running and in connected state.  
  2. The command “adquery user” return a list of the AD user as expected
  3. Running the command “lsuser [AD user account]” report the user does not exist

The problem reported might related to incorrect formatting of /etc/method.cfg file

Example of /etc/method.cfg with correct formatting:
[…]
CentrifyDC:
     program = /user/lib/security/CENTRIFYDC
     program_64 = /usr/lib/security/CENTRIFYDC64
     options = noprompt

KRB5A:
     program = /usr/lib/security/KRB5A
     options = athonly

KRB5Afiles:
    Options = db=BUILTIN, auth=KRB5A
[…]

Note 1: Please make sure you backup the existing /etc/method.cfg before editing the file.

Note 2: method.cfg file follow a very specific formatting.  If the formatting are off, it will cause components not working properly.
If you continue experience issue, please collect Centrify Debug log and contact support for assistant.

Reference KB: https://centrify.force.com/support/Article/KB-0062-How-to-enable-debug-logging-on-Unix-Linux-machines

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6041: How to show current license type in use by adclient articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-3925: How to add Centrify parameter to a group policy articleKB-8942: What are the steps to migrate a RHEL Brightstore cluster to Centrify articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out?