This is the Centrify tested update to avoid the Badlock bug in Samba.
Applies to: All version of Centrify Adbindproxy on RHEL 7.
Question: Are there any special considerations or additional steps needed to configure Centrify Adbinproxy on a RHEL 7 system?
Answer: An issue was recently identified on Red Hat 7 systems which could affect the integration of Centrify Adbindproxy with stock Samba. As a result, in addition to the steps in the Samba integration guide, please do the following to complete the setup:
1) cd /etc/centrifydc/scripts/ 2) vi functions.cdc 3) Comment out the following 2 lines:
4) Run adbindproxy.pl. 5) By default, /sbin/adkeytab is a symbolic link to /usr/share/centrifydc/bin/cdcexec, and this needs to be changed.
# ls -l /sbin/adkeytab lrwxrwxrwx. 1 root root 33 May 2 15:19 /sbin/adkeytab -> /usr/share/centrifydc/bin/cdcexec # rm /sbin/adkeytab # ln -s /usr/share/centrifydc/libexec/adkeytab /sbin/adkeytab # ls -l /sbin/adkeytab lrwxrwxrwx. 1 root root 38 May 4 08:50 /sbin/adkeytab -> /usr/share/centrifydc/libexec/adkeytab
6) Run 'net cache flush' 7) Verify it is working:
# systemctl status centrifydc-samba.service
RedHat 7 has SELinux and Firewall enabled by default. If issues are present after completing the above steps, please run the following:
1) net rpc getsid - This will fail if the firewall is enabled and should be disabled. 2) net getdomainsid - You should get 2 lines back. If not, or if it fails, please verify the 2 lines in the functions.cdc file are commented out and run adbindproxy.pl again.
Note: For more information on how to deploy Centrify Adbindproxy, please see the Samba Integration Guide that is included with the Adbindproxy file download.