Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8554: The "su - <user>" Command Does Not Create the Home Directory For The User

Centrify DirectControl ,  

11 September,17 at 06:31 PM

Applies to: 
Centrify DirectControl 5.4.0 and 5.4.1
 
Problem:
The command: 
 
# su - <username> 
 
has traditionally caused a new user's home directory to be created.  The adclient from Centrify Server Suite 2017 does not create the home directory for a new user.


Cause: 
The problem is due to a side-effect of another issue that was resolved with Suite 2017 where, under certain circumstances, a kerberos TGT (Ticket Granting Ticket) for a user, is kept in transient cache memory and can inadvertently be regenerated by the root account. 


Workaround:
1) As root, open the file /etc/centrifydc/centrifydc.conf .
2) Add this parameter without any value, exactly as shown below.

 
adclient.create.krb5.creds.prog.blacklist: 

3) Save the file.
4) Reload adclient.

 
# adreload 
 
5) Test by running the command:
  
# su - <username>

and ensure the home directory is successfully created.

Note: This workaround will allow the home directory to be created just as in prior versions, but it also reintroduces the TGT issue detailed above.

Resolution:
This issue is fixed in Centrify DirectControl Suite 2017.2 (5.4.2)

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.