Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6636: Incorporate the Centrify Direct Audit shell into the Direct Authorize path

Centrify DirectAudit ,   Centrify DirectControl ,  

27 September,16 at 06:11 PM

Applies to:

DirectControl 5.2.3 on all platforms

Problem:

When run as user audited by Centrify Direct Audit, 'dzdo -i' will get cdash instead of that user's original shell, thus failed the dzcmd check and user has to set and assign one more dzcmd for this.

The error below was given when failed stating that the shell is changed to use centrifyda:

Sorry, user xxxx  is not allowed to execute '/bin/centrifyda -c ./test_dzdo.sh' as root on xxxx.

Workaround:

If a new command definition includes the centrifyda shell, the command can then be executed successfully.

User-added image

The command will also run successfully if the dzdo is called without the "-i" parameter.

In previous release, when command level auditing is enabled then "dzdo -i" will fail until the right to run /bin/centrifyda or the audited shells command rights are granted to the role. 

The issue is fixed to work with command auditing for DA in Suite 2015 or newer such that the audited command that using known shell can be run without granting the command rights to run the audited shell.

Note that, command rights still need to be granted to /bin/centrifyda when unknown shell is used in running the command.

Resolution:

This is now fixed in Server suite 2016.

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.