In SuSE Linux Enterprise Server 11 and newer, users (except root) may become unaudited after rejoining a zone. This problem was caused by improper handling of AppArmor security settings. It has been fixed in Suite 2016.
Applies to: Centrify DirectAudit 3.2.3 on SuSE Linux Enterprise Server 11
Problem: In SuSE Linux Enterprise Server 11 and newer, users (except root) may become unaudited after rejoining a zone.
Adleave executes autoedit_default_apparmor.pl to remove CDC additions from /etc/apparmor.d/abstractions/nameservice profile file. Unfortunately, the script removes everything that is "centrifydc", including DA addtions. When nscd is restarted, it was unable to load DA NSS shared library module. Thus, DA NSS was not queried to get the user shell.
Run "dacontrol -d" then "dacontrol -e". This will cause nscd to function properly again with DA NSS because "dacontrol -e" adds DA portion back into the 'nameservice' profile file.