Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8755: CentrifyDC fails to start due to a protection fault in libkrb5.so

Authentication Service ,  

26 May,17 at 07:08 PM

Applies to: Centrify DirectCOntrol 5.4.0 on all supported platforms

Problem:
1. The “service centrifydc start” command takes a long time to complete.
2. Domain logins are not working.
3. Syslog includes errors such as below:
Mar 31 17:48:54 ldt-1774089.gfdl.noaa.gov kernel: traps: adclient[6612] general protection ip:7fc9cd19a99d sp:7ffcb72c5aa8 error:0 in libkrb5.so.3.3[7fc9cd164000+c9000]

Cause:
There is a bug in the process that  does the cleanup of non fips entries.
For adclient, the key is generated with nonfips allowed enctype cannot be used with FIPS mode is enable.
As long as fips.mode.enable: true is set in centrifydc.conf once adclient is restarted, adclient will run in compliant mode.

Workaround:
Please set the following parameter to false in /etc/centrifydc/centrifydc.conf
adclient.krb5.keytab.clean.nonfip.enctypes : false

Resolution:
This issue is fixed in the 2017.1 release.


 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-8867: Solaris Samba not able to connect with NT_STATUS_CONNECTION_DISCONNECTED and krb5_kt_start_seq_get failed (No such file or directory) error article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part III article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I article[Security Corner] The Sarbanes-Oxley Act and Centrify Server Suite articleKB-3078: Centrify failed to upgrade due to missing libstdc++.so.5 articleKB-8306: Centrify-enabled samba not accessible due to error "NT_STATUS_CANT_ACCESS_DOMAIN_INFO" articleKB-8065: SQL Server Reporting Services Service Start Timeout on Windows 2008R2 articleKB-8958: MFA with DirectControl fails with SSL connection error