Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-7044: Local Groups Not Visible With Using admanagelocal

Authentication Service ,  

21 June,16 at 07:02 PM

After joining the machine to the zone where the machine was NOT precreated in Access Manager, then creating Local Groups via Access Manager, the groups cannot be seen with:
# admanagelocal -R -f
# admanagelocal -l all -g

When the adclient starts up, the computer override structure is fixed for the duration of adclient. Adclient cannot dynamically change the zone structure in flight.  The computer override zone is NOT created by default by adjoin.  So when the computer is joined via adjoin, and adclient launches, it (adclient) does not see the override structure.

In Access Manager, when the Local Groups is used for the first time, this dynamically creates the override structure for the computer.  But this is not visibile to adclient until adclient is restarted.

In the case where the machine is pre-created before the adjoin, the computer override is already created before adjoin launches for the first time. In this case, adclient already knows about the computer override structure immediately after the adjoin.

After creating the Local Group, stop and restart the adclient:
# /etc/init.d/centrifydc stop
# /etc/init.d/centrifydc start
# admanagelocal -R -f
# admanagelocal -l all -g