Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7243: ADuser cannot run 'adinfo' command, getting krb5cache error

Authentication Service ,  

22 July,16 at 07:25 PM

Applies to: 

Centrify DirectControl On All versions


Problem:

When AD user run Centrify command 'adinfo', it hung.  The error in Centrify debug show as follow:

auth|security:debug adinfo[17104936]: DEBUG base.kerberos.krb5cache Error while to resolving ccache for user, try to get next ccache. 
.......
auth|security:debug adinfo[17104936]: DEBUG util.except (NotFound) : /var/krb5/security/creds: No such directory (reference util/include/path.h:238 rc: 0) 

If AD user try to destroy and reinitialize his/her kerberos credential, the following error will display as follow:

$ /usr/share/centrifydc/kerberos/bin/kdestroy
kdestroy: Credentials cache permissions incorrect while destroying cache
Ticket cache NOT destroyed
$ /usr/share/centrifydc/kerberos/bin/kinit
kinit(v5): Configuration file does not specify default ream when parsing name <Adusername>
$ /usr/share/centrifydc/kerberos/bin/klist
klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/var/krb5/security/creds/krb5cc_#####)


Cause:

There is a possibility that an Administrator modify the permission on /var/krb5 directory.  By default the permission should be set to '755'


Resolution:

Verify and modify as root the permission on /var/krb5, it should be as follow for example:

drwxr-xr-x   3 root      system       256 Oct 22 2013      krb5

# chmod 755 /var/krb5

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-2067: adinfo "joined as" does not update after dns suffix changes articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)