Users unable to authenticate with error message as Profile Variable %{shell}, not found for user and this user has a partial profile.
Applies To: All versions of Centrify DirectControl
Problem: Users unable to authenticate with error message as
“Profile Variable %{shell}, not found for user [username], therefore this user has a partial profile”
Cause: The filesystem was full. Centrify was unable to read /etc/centrifydc/centrifydc.conf variables while filesystem is at its capacity.
For user profile that has attributes resolved at runtime, like %{shell}, %{home}, ...etc., Centrify will need to read the configuration file /etc/centrifydc/centrifydc.conf to find parameters with "nss.runtime.defaultvalue.var.*" in order to replace the value. But when the filesystem is at its full capacity, adclient will have trouble accessing the file hence not able to replace with runtime value.
Workaround: N/A
Resolution: Fix the filesystem capacity.
Note: In this particular issue, customer encountered the filesystem issue on RHEL6 from multiple Java VM segfaults and core-file creation, caused by RHSA Errata to address CVE-2017-1000364. Fix was to apply Errata RHSA-2017:1723 or later