Applies to: All version of Centrify Identity Service, Mac Edition
AD users with special character in their username (For example: abc#domain) are able to login when Centrify agent is in “Connected” mode, but fail when performing offline login?
When offline login is performed, Centrify agent is authenticating user credential against the cache that was stored on the machine.
However, when special characters are detected in the username, while the two parameters below are defined in /etc/centrifydc/centrifydc.conf, Centrify agent will substitute the special character into “_” symbol and store into cache.
Therefore, user with special characters in their name will not able to perform an offline login.
To allow special character users to perform offline login even when the parameters defined above, please remove the specific character from the disallow conf parameter below at /etc/centrifydc/centrifydc.conf:
Default on Mac OS X:
Enable parameter without the "#" to allow username with "#" to perform offline login (jsmith#local):
("#" removed from the list)
The parameter define the user name disallowed characters. The values should be careful set not only unsavory chars but also the substitute chars, in order to avoid that the substituted unixname have been existed already.
After editing the parameter above, please run "adreload" and "adflush" to make change effective.
Avoid using the disallow characters that already defined in user naming as it is not suggested.