Centrify DirectControl 5.2.3+ on AIX platformQuestion:
Centrify DirectControl not able to authenticate AD user after Installing Oracle RCA KRB5 on AIXAnswer:
Centrify DirectControl and Oracle RCA KRB5 can coexist within the same server. DirectControl installs all its libraries in private directory under /usr/share/centrifydc - except PAM and NSS which has to be in system folder. Other component on the system will not use the Kerberos library shipped in DirectControl.
There might be problem with /etc/method.cfg file if you are experience the following
- Confirm adclient is running and in connected state.
- The command “adquery user” return a list of the AD user as expected
- Running the command “lsuser [AD user account]” report the user does not exist
The problem reported might related to incorrect formatting of /etc/method.cfg file
Example of /etc/method.cfg with correct formatting:
program = /user/lib/security/CENTRIFYDC
program_64 = /usr/lib/security/CENTRIFYDC64
options = noprompt
program = /usr/lib/security/KRB5A
options = athonly
Options = db=BUILTIN, auth=KRB5A
Note 1: Please make sure you backup the existing /etc/method.cfg before editing the file.
Note 2: method.cfg file follow a very specific formatting. If the formatting are off, it will cause components not working properly.
If you continue experience issue, please collect Centrify Debug log and contact support for assistant.
Reference KB: https://centrify.force.com/support/Article/KB-0062-How-to-enable-debug-logging-on-Unix-Linux-machines