Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8538: After Enabling Smartcard, sctool -s Gives the Error "Cannot determine Centrify Smart Card status"

Authentication Service ,  

12 April,17 at 04:54 PM

Applies to:

All versions of Centrify DirectControl 
To enable the Smartcard, the following command is run and returns without any error
# sctool -e

When sctool -s is executed to determine the status of Smartcard, the message is returned:
Cannot determine Centrify Smart Card status. Make sure that Centrify is installed correctly and this computer is joined a domain correctly, or contact a system administrator

The sctool -e command did not make the neccessary changes in /etc/pam.d/smartcard-auth file.

Before sctool -e the /etc/pamd.d/smartcard-auth files look similar to:

User-added image

After sctool -e, the changes made are seen in the image below:
User-added image

Although the links and files are created correctly, the content of smartcard-auth does not have the changes required to enable Smartcard.  A correct smartcard-auth file will have entries such as see here:
User-added image

If these entries are missing the sctool -s will fail.

The debug logfile has these entries:
Apr 07 17:29:40 rhel732 sctool[123025]: DEBUG redhat.sctool Reset PKCS #11 module to our own Coolkey module.
Apr 07 17:29:40 rhel732 sctool[123025]: DEBUG redhat.sctool In doStatus()
Apr 07 17:29:40 rhel732 sctool[123025]: DEBUG redhat.sctool doStatus() on [/etc/pam.d/smartcard-auth]: 3
Apr 07 17:29:40 rhel732 sctool[123025]: DEBUG redhat.sctool doStatus() : Returning 3

When the value of 3 is returned from doStatus(), this identifies the file that causes the sctool to throw the message.

1) Disable Smartcard
# sctool -d

2) Replace the smartcard-auth-ac file with an out-of-the-box file from a similar machine.

3) Enable Smartcard 
# sctool -e

4) Make sure changes were made to /etc/pam.d/smartcard-auth

Resolved in a future release of Centrify Server Suite