I jiust joined a Centos 6.4 system to our AD via Centrify.
adinfo shows connected and the output of adquery shows users.
The problem is when I try to su to any user I get "user does not exist"
Any help would be appreciated.
Thanks
Steve
↧
Cannot su to user
↧
How to check if centrify is down?
Hi,
We are using IBM Datastage on AIX Servers which is using Centrify for authentication. I am supporting datastage, and we are creating script to check if our datastage login is working on all servers thru ssh.
Now, I need your help. From one of the sandbox server, I wanted to check if cerntrify services are running on other dev,qa,uat and prod servers.
Please advice.
Regards,
Mani
↧
↧
Office 365 SSO with Express for SaaS free
Dear Community,
I am new to Centrify and I am trying to setup Office 365 SSO with free Express for SaaS.
I have followed steps from manual and I have questions now. My Office 365 app is listed in Apps page of Centrify Cloud Manager, provisioning shown as ‘enabled’ and status is ‘deployed’.
But in Users page of Centrify Cloud Manager I can see only few of my users listed. The same for Office 365 – ‘Active users‘ page. How can I select which OU I want to sync or provision? Will it work in free version?
My SSO tests are also not OK. I login to PC with my Active Directory credentials and point my Internet Explorer to https://portal.office.com. I expect my IE to log me in to Office 365 portal with my Active Directory credentials. But it does not work the way I expect. My IE browser shows shortly ‘Activating with Active directory’ message and drops me to Centrify login page. It asks for my email and password there. And I get finally ‘Username or password not recognized’… Any idea where should I start checking to fix it?
Thank you in advance.
↧
Clone Server with Centrify
Created an account to post this question, appears my post locations are limited but hope someone can help me.
Can you clone a LINUX server with Centrify on it? I'm told we must do an AD Leave first, but that would interrupt service on the live production server. I want to be able to clone the live production server (non service impacting), then turn off the NICs on the clone. Start it up and change the IP and host name. Next I want to clear any Centrify SID, serialization information on that server, so I can connect it to the network, then join it to AD / Centrify.
All my other agents, tools, give me some utility, command, script, etc. I can run on the new clone before bringing back on the network to clear its identify with central server. What is the option here for Centrify?
thanks!
↧
Permissions issue on windows server
I have installed Centrify Express on a RHEL 6.3 and Direct Manage on Windows 2008R2 server. I am able to log on to RH side with AD accounts and associated AD password. I have two folders on the windows side setup for NFS sharing. I can only seem to access both folder if "No Server Authentication" is check and "Enable unmapped users access". one folder only works with "allow unmapped user Unix access" The other only works with "Allow Anonymous access" but yet Security is setup the same on both.
UNIX attributes for User's profile appears to be correct. UID and GIDs populate as expected.
I am expecting to be able to uncheck the "No server authentication" and the "Allow unmapped users access".
Also and probably related, if I transfer files from the RH side to the Windows NFS, I always have to change permissions of the files to reflect a Windows account. Ownership is anonymous logon and Null SID appears in the permissions assigned.
Any help would be appreciated.
Thank you in advance.
↧
↧
Cryptic error: "Nothing is installed now"
Trying to install Centrify on a new Mac with Yosemite.
Discovery and Analyze Environment both worked fine, but when I tried to install software, I got this error:
Error executing (cd /var/centrifydm/tmp/CentrifyInstall; ./install.sh -n).
Nothing is installed now.
I can literally find only one single reference to this error, and it's on a linux box years ago.
Pretty hard to figure out anything from this. The trace file is too big to include but I've added the last part of it below.
install.sh ************** rev = 2016 (5.3.0-207) *****************
Thu Apr 28 20:18:10 EDT 2016
INFO: Full Mac OS version: 10.10.5
INFO: TARGET_OS=darwin
INFO: OS_REV=
INFO: ARCH=x86_64
INFO: Express mode is supported
INFO: script_name=install.sh
INFO: current umask: 0022
INFO: Silent mode settings:
CDC_VER=5.3.0
ADCHECK=N
ADJOIN=N
ADJ_LIC=
ADJ_FORCE=
ADJ_TRUST=
DOMAIN=
USERID=administrator
PASSWD=********
COMPUTER=D25QJ0E6F8J4
CONTAINER=Computers
ZONE=
SERVER=
REBOOT=N
ADLICENSE=N
CentrifyDC_nis=K
CentrifyDC_openssh=K
CentrifyDC_krb5=K
CentrifyDC_web=K
CentrifyDC_apache=K
CentrifyDC_ldapproxy=K
CentrifyDC_samba=K
CentrifyDC_idmap=
CentrifyDC_adbindproxy=
CentrifyDC_db2=
CentrifyDA=K
DA_INST_NAME=
CentrifyDC_adfixid=
INSTALL=Y
UNINSTALL=N
DA_ENABLE=N
install.sh: is_installed:
install.sh: get_cur_version:
INFO: CUR_VER=5.3.0
install.sh: Non-interactive mode, ADLICENSE=N
install.sh: search_adcheck:
... found
Running ./adcheck-mac10.9 ...
install.sh: determine_license:
install.sh: set_license_mode:
The mode is express.
Install.sh completed successfully. Nothing was installed or uninstalled.
EXIT CODE: 24
f849329e-55d7-4185-9ae1-6f81b0835b3b
Execute rm -rf /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute id -u Result =0
501
Execute echo "echo 50695028-fb56-461f-9050-747a5072d04d" > /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "sudo -K;sudo -p "DMPasswordPrompt:" sh -c \"rm -f /var/centrifydm/tmp/args.awk.501\"" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'temp=$?' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "echo 7261f0ba-4410-4457-acb0-63783e0dd2bd" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'exit ${temp}' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute chmod 755 /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute /var/centrifydm/tmp/centrify.cmd.501 Result =0
7261f0ba-4410-4457-acb0-63783e0dd2bd
Execute rm -rf /var/centrifydm/tmp/centrify.cmd.501 Result =0
------ Start running refresh ------
os: darwin
os ver: 10.10
Execute adinfo -d Result =10
Execute cat /var/centrifydc/kset.hostsid Result =1
cat: /var/centrifydc/kset.hostsid: No such file or directory
Execute sudo -K; sudo -p DMPasswordPrompt: sh -c "[ -d '/var/centrifydm' ]" Result =0
Execute [ -r '/var/centrifydm' ] Result =0
Execute [ -L '/var/centrifydm' ] Result =1
Execute ls -ld '/var/centrifydm' | awk '{ print $1 }' Result =0
drwxr-xr-x
Execute ls -ld '/var/centrifydm' | awk '{ print $3 }' | grep root Result =0
root
Execute [ -d '/var/centrifydm/tmp' ] Result =0
Execute [ -L '/var/centrifydm/tmp' ] Result =1
Execute ls -ld '/var/centrifydm/tmp' | awk '{ print $1 }' Result =0
drwxr-xr-x
Execute id | sed 's/uid=[0-9][0-9]*\(([_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$\{0,1\})\).*/\1/g' | sed 's/(\(.*\))/\1/g' Result =0
localadmin
Execute ls -ld '/var/centrifydm/tmp' | awk '{ print $3 }' Result =0
localadmin
Execute umask 022 Result =0
Execute id -u Result =0
501
Execute echo "echo ea265b34-bd3c-42f2-9e9b-9062fdee32e4" > /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "sudo -K;sudo -p "DMPasswordPrompt:" sh -c \"cat /var/centrifydc/kset.hostsid\"" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'temp=$?' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "echo 0db14923-f9f9-4a2c-946e-5b61bcad8c88" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'exit ${temp}' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute chmod 755 /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute /var/centrifydm/tmp/centrify.cmd.501 Result =1
cat: /var/centrifydc/kset.hostsid: No such file or directory
0db14923-f9f9-4a2c-946e-5b61bcad8c88
Execute rm -rf /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute id -u Result =0
501
Execute echo "echo 540db9dd-47f9-4bed-9663-9b549c1035b2" > /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "sudo -K;sudo -p "DMPasswordPrompt:" sh -c \"hostname\"" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'temp=$?' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "echo 7e29ce7c-c1ae-420b-8253-24088d6f2833" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'exit ${temp}' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute chmod 755 /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute /var/centrifydm/tmp/centrify.cmd.501 Result =0
D25QJ0E6F8J4
7e29ce7c-c1ae-420b-8253-24088d6f2833
Execute rm -rf /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute /usr/share/centrifydc/bin/ssh -V > /dev/null 2>&1 Result =127
Execute /usr/bin/adinfo -v Result =127
-bash: /usr/bin/adinfo: No such file or directory
Execute ls /usr/share/centrifydc/CentrifyDC-nis-*.tgz.lst Result =1
ls: /usr/share/centrifydc/CentrifyDC-nis-*.tgz.lst: No such file or directory
Execute ls /usr/share/centrifydc/CentrifyDC-ldapproxy-*.tgz.lst Result =1
ls: /usr/share/centrifydc/CentrifyDC-ldapproxy-*.tgz.lst: No such file or directory
Execute ls /usr/share/centrifydc/CentrifyDC-samba-*.tgz.lst Result =1
ls: /usr/share/centrifydc/CentrifyDC-samba-*.tgz.lst: No such file or directory
Execute /usr/sbin/adsec -v Result =127
-bash: /usr/sbin/adsec: No such file or directory
Execute /usr/bin/adlicense | grep 'express' Result =1
-bash: /usr/bin/adlicense: No such file or directory
Execute domainname Result =0
Execute dscl localhost -read /Search | grep 'CSPSearchPath:' Result =0
CSPSearchPath: /Local/Default
Execute dscl localhost -list /LDAPv3 Result =0
Execute sudo -K; sudo -p DMPasswordPrompt: sh -c "[ -d '/var/centrifydm' ]" Result =0
Execute [ -r '/var/centrifydm' ] Result =0
Execute [ -L '/var/centrifydm' ] Result =1
Execute ls -ld '/var/centrifydm' | awk '{ print $1 }' Result =0
drwxr-xr-x
Execute ls -ld '/var/centrifydm' | awk '{ print $3 }' | grep root Result =0
root
Execute [ -d '/var/centrifydm/tmp' ] Result =0
Execute [ -L '/var/centrifydm/tmp' ] Result =1
Execute ls -ld '/var/centrifydm/tmp' | awk '{ print $1 }' Result =0
drwxr-xr-x
Execute id | sed 's/uid=[0-9][0-9]*\(([_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$\{0,1\})\).*/\1/g' | sed 's/(\(.*\))/\1/g' Result =0
localadmin
Execute ls -ld '/var/centrifydm/tmp' | awk '{ print $3 }' Result =0
localadmin
Execute umask 022 Result =0
Execute id -u Result =0
501
Execute echo "echo d51798cf-30ef-410a-9c2d-59f6c3247062" > /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "sudo -K;sudo -p "DMPasswordPrompt:" sh -c \"ls /usr/sbin/dacontrol > /dev/null\"" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'temp=$?' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo "echo 0bbce25d-dbbc-47f1-882e-3bf5f56f079a" >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute echo 'exit ${temp}' >> /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute chmod 755 /var/centrifydm/tmp/centrify.cmd.501 Result =0
Execute /var/centrifydm/tmp/centrify.cmd.501 Result =1
ls: /usr/sbin/dacontrol: No such file or directory
0bbce25d-dbbc-47f1-882e-3bf5f56f079a
Execute rm -rf /var/centrifydm/tmp/centrify.cmd.501 Result =0
dscl . -help
dscl . -readall /Users
dscl /Search -help
dscl /Search -readall /Users
dscl . -help
dscl . -readall /Groups
dscl /Search -help
dscl /Search -readall /Groups
Nothing is installed now.
↧
El Capitan -> Centrify agent -> user profile doesn't load
Can someone tell me how I can fix without rebuilding my Mac from scratch not loading user-profile on El Capitan after installing Centrify agent and linking local user with AD account in Centrify zone? The symptom of the not loading profile is a beach-ball spinning forever and not loading the desktop at all. This has been happening on any version of El Capitan up to the latest one and with any version of Centrify agent.
↧
need help getting my military cac card reader to work on my mac
I have a newer home computer thaat is a MAC with an OS X 10.11 El Capitan Version and I cannot get my CAC Card reader for Military purposes to work.
↧
System requirments for Centrify Cloud Connector
Dear Community members,
Where can I find system requirments for Centrify Cloud Connector?
OK, Cloud Connector is 64 bit only, manual says. What are the other limitations / recommendations? May I run it on a virtual server? Desktop OS, like Win 7? Windows Server core?
Thank you in advance!
↧
↧
unwanted Active Directory users synchronized to Office 365 portal
Dear Community members,
I can see a lot of users synchronized from my Active Directory to Office 365 Portal Active Users list.
Before Centrify we have tried Azure AD Connect, it is stopped few weeks ago.
I actually need only few of my AD users in Office 365 portal. I have add them in Centrify Cloud Manager - Roles - Office 365 Role - Members page. But a lot of unwanted users are still listed on Office 365 portal page.
How can I remove those unwanted AD users from Office 365 Portal Active Users list?
Thank you in advance!
↧
DNS Error while integrating Windows AD with Linux Machine
Hi,
I am working on integrating Windows AD with Linux machine. I downloaded Centrify Express and installed it on Windows machine. In the DirectManage Deployment Manager, I received DNS error as shown below.
********Error 1********
No good DNS servers were found.
You must fix this issue before continuing.
Check the IP addresses in /etc/resolv.conf
Alternatively you can use the -s <server> option and
place all required system names in /etc/hosts,
but this is not recommended.
The following table lists the state of all configured
DNS servers.
192.168.59.2 (unknown): dead
*********************
As a result, I cannot proceed ahead and analyze the environment. Can I get help on this?
↧
The operating system information may not be updated after adjoin or OS upgrade
When running Analyze using Centrify DirectControl I see a bunch of warnings that go like this:
Computer <computer name> cannot update its operating system properties or the computer's (<computer location in centrify zone>) keywords property. The operating system information may not be updated after adjoin or OS upgrade.
Any ideas what this might mean?
Thanks,
rjani1
↧
cloning a centrify'd VM, and now it prompts for password
Hi folks,
I'm new to Centrify as I inherited some redhat VMs that have it enabled. They all nicely allow me to Putty to them without prompting for a password (via kerberized AD credentials if I understand it correctly, passing my windows domain creds I suppose). Anyways, we cloned a working VM and the new one (new hostname and IP) now prompts users for a password when the old VM still lets us putty to it without a password.
On the new box:
[root@mq8 centrifydc]# adinfo
Local host name: mq8
Joined to domain: fqdn.com
Joined as: mq8.fqdn.com
Pre-win2K name: mq8
Current DC: dc02.fqdn.com
Preferred site: Default-First-Site-Name
Zone: Auto Zone
Last password set: 2016-04-28 17:58:20 GMT
CentrifyDC mode: connected
Licensed Features: Disabled
The only difference in adinfo between the good and the new box is that one is using the current domain of dc01.fqdn.com and the new one above is using dc02. Are there any considerations that I should be aware of when cloning a vm that I need to tend to for getting it to behave the same as the original vm? I'd appreciate any guidance.
Thanks
↧
↧
Centrify DC 5.3 commands not working in DeployStudio automation
Hi,
I'm testing Centrify DC 5.3 on El Capitan 10.11.4 using scripts to bind the Mac to our AD in a DeplyStudio work flow. Centrify DC 5.1.1 - 5.2.3 work perfectly. However, Centrify DC 5.3 commands will not work on Yosemite or El Capitan when calling them from scripts in DeployStudio v1.7.3. DeployStudio runs the command, but returns errors: the command can't be found. If I add which adinfo to the script I get nothing returned (I should get /usr/local/bin/adinfo). However, if I run the same scripts manually once the Mac has logged in the Centrify commands work and the scripts are able to run properly.
I can install Centrify DC5.2.3 and upgrade it to 5.3. However, I would prefer to install just DC 5.3 and not have to upgrade from DC 5.2.3.
Thanks.
↧
Getting error : Cannot find Active Directory group object $USER.group
Hi,
when I am trying to create new user accounts in centrify the above error appears
I am wondering what might be the reason for it and interesting part is that it don't fails regularly
i.e it fails for 1 out of 10 accounts for the reamining accounts it didn't pop up this error
Thanks in advance
Bhanu
↧
Microsoft Dynamics CRM Online
Dear Centrify experts,
I am trying to setup free Centrify Express SSO for Dynamics CRM Online and let users use their Active Directory credentials to login to Dynamics CRM Online. Is there a manual for this type of setup?
I start with Centrify Cloud Manager – Apps – Add Web Apps – Search – “Dynamics”. There are three items listed: MS Dynamics CRM, MS Dynamics CRM Live and MS Dynamics CRM onMicrosoft. Which one should I chose for Microsoft Dynamics CRM Online?
Thank you in advance!
↧
pam.allow.users does not work
hi
I am using Centrify DC Express edition and I was able to join domain but now everyone can login into the machine and though I added a single user to pam.allow.users in the /etc/centrifydc/centrifydc.conf performed adreload and adflush adquery user returns all users with /bin/bash. Same is with deny option. Can you help with it?
Thanks,
Dmitry
↧
↧
SMB file sharing not working: CentOS 6.7 + CentrifyDC-adbindproxy 5.3.0 + Samba 4.2.10 (CentOS)
I'm trying to address the recently disclosed BadLock Samba vulnerability on my Centrify Express servers that are running the Centrify supplied Samba 3.6.x packages. So I downloaded the new CentrifyDC-adbindproxy 5.3.0 package that is meant to allow the use of OS vendor supplied Samba 4.x packages instead of the previous Centrify Samba 3.6.x packages. All my CentOS servers are fully patched and are running Centrify Express 2016.
I followed the directions included in the downloaded package but ran into numerous problems. First it's not entirely clear exactly which specific Samba packages are required. I found that at a minimum running "yum install samba4 samba4-winbind" seemed to satisfy the requirements. After I installed the CentOS supplied Samba 4 packages, I installed/upgraded the CentrifyDC-adbindproxy package to version 5.3.0 and ran /usr/share/centrifydc/bin/adbindproxy. The problem I immediately ran into was the previous shared folders were not available to users. Active Directory attached Windows clients would be challenged for the login/password credentials. When entered, user credentials were rejected. Here's a typical share definition that I use:
[data]
comment = Data Directory
path = /data
valid users = @DOMAIN\group, @DOMAIN\group1
read only = No
force create mode = 0664
force directory mode = 0775
If I comment out the "valid users" line, users can map a network drive and are not challenged for their AD credentials. However, the share is in a read-only mode despite the fact the POSIX permissions and AD ACL's are correct.
Has anyone else run into this problem? I am missing something? I realize that I am using the Express version and that this is one of those "you get what you pay for" propositions. Any help would be greatly appreciated.
Andrew
↧
AIX Reporting UNKNOWN_USER and not allowing logins
CentrifyDc Express on AIX 7.1. adquery returns good information for IDs, but no one is allowed to login. Here is some of the debug info. The ID trying to login is sstu112. Why are we getting UNKOWN_USER?
# adquery user sstu112
sstu112:x:1619133973:545:Ed Stuart:/home/CORE/sstu112:/bin/sh
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <background> daemon
.main now = Tue May 10 15:51:26 2016, nextPasswordChange: Tue Jun 7 15:12:50 2016, lastKr
b5Renew: Tue May 10 15:13:22 2016, lastCacheCleanup: Tue May 10 15:44:26 2016, lastPrevali
date: Tue May 10 15:13:22 2016, lastChkDatadir: Tue May 10 15:45:56 2016, lastAzmanRefresh
: Tue May 10 15:42:56 2016, lastDnsRefresh: Tue May 10 15:12:51 2016
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:netstate> netwo
rk.state CacheAccess purge
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:chkDatadirFrees
pace> daemon.main Free space left in adclient data dir /var/centrifydc/ is 1228800 Kbytes
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:adntlmlist> dae
mon.ipcclient Starting ageADNtlm...
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:adntlmlist> dae
mon.ipcclient current timestamp: 1462913486 timeout value: 30
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:adntlmlist> dae
mon.ipcclient ADNtlmList size after refresh: 0
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:adntlmlist> dae
mon.ipcclient Finished ageADNtlm.
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:ageBindings> ba
se.adagent Starting ageBindings...
May 10 15:51:26 autaap07 auth|security:debug adclient[12321016]: DEBUG <bg:ageBindings> ba
se.adagent Finished ageBindings
May 10 15:51:27 autaap07 auth|security:err|error sshd[15859818]: warning: /etc/hosts.allow
, line 2: host name/address mismatch: 172.17.0.10 != l44039.core.cpa.state.tx.us
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 ping > daemo
n.ipclient1 executing request 'ping' in thread 1286
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:10>
May 10 15:51:31 autaap07 auth|security:info sshd[15859818]: Address 172.17.0.10 maps to l4
4039.core.cpa.state.tx.us, but this does not map back to the address - POSSIBLE BREAK-IN A
TTEMPT!
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:10> with flags 0x00000006
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd -> centrifydc2_getentry user="sstu112"
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd attribute[0] = "id"
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:23> with flags 0x00000006
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 executing request 'LAMGetEntry' in thread 1800
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 Getting attribute value for user 'sstu112', attribute = 'id'
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.adagent Find GUID: e17175bf2e922846895ea65c4723eac6 (7)
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.objecthelper age 568, expire age 600, cutoff time 0, refresh 5, negative=false, cac
heOps 7
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.adagent Find GUID: e17175bf2e922846895ea65c4723eac6 (7)
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.objecthelper age 568, expire age 600, cutoff time 0, refresh 5, negative=false, cac
heOps 7
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 id=1619133973
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 request 'LAMGetEntry' complete
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd value [0] = 1619133973
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd <- centrifydc2_getentry, result=NSS_SUCCESS(1)
May 10 15:51:31 autaap07 auth|security:info sshd[15859818]: Invalid user sstu112 from 172.
17.0.10
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:23>
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:10>
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:10> with flags 0x00000006
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd attribute[0] = "id"
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:23> with flags 0x00000006
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 executing request 'LAMGetEntry' in thread 1800
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 Getting attribute value for user 'sstu112', attribute = 'id'
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.adagent Find GUID: e17175bf2e922846895ea65c4723eac6 (7)
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.objecthelper age 568, expire age 600, cutoff time 0, refresh 5, negative=false, cac
heOps 7
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.adagent Find GUID: e17175bf2e922846895ea65c4723eac6 (7)
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> base.objecthelper age 568, expire age 600, cutoff time 0, refresh 5, negative=false, cac
heOps 7
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 id=1619133973
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 LAMGetEntry
> daemon.ipcclient2 request 'LAMGetEntry' complete
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd value [0] = 1619133973
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd <- centrifydc2_getentry, result=NSS_SUCCESS(1)
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:23>
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:10>
May 10 15:51:41 autaap07 auth|security:info syslog: ssh: failed login attempt for UNKNOWN_
USER from 172.17.0.10
May 10 15:51:41 autaap07 auth|security:info sshd[15859818]: input_userauth_request: invali
d user sstu112 [preauth]
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:10> with flags 0x00000006
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd -> centrifydc2_normalize user="NOUSER"
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:23> with flags 0x00000006
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > daemon.ipcclient2 executing request 'PAMGetUnixName' in thread 1800
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > daemon.ipcclient2 Getting unix name of 'NOUSER'
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
8)> client.sshd value [0] = 1619133973
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd <- centrifydc2_getentry, result=NSS_SUCCESS(1)
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:23>
May 10 15:51:31 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver lrpc client disconnected normally <fd:10>
May 10 15:51:41 autaap07 auth|security:info syslog: ssh: failed login attempt for UNKNOWN_
USER from 172.17.0.10
May 10 15:51:41 autaap07 auth|security:info sshd[15859818]: input_userauth_request: invali
d user sstu112 [preauth]
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:10> with flags 0x00000006
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:10 sshd(1585981
8)> client.sshd -> centrifydc2_normalize user="NOUSER"
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <main> daemon.ipcse
rver Accepted new lrpc2 client on <fd:23> with flags 0x00000006
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > daemon.ipcclient2 executing request 'PAMGetUnixName' in thread 1800
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > daemon.ipcclient2 Getting unix name of 'NOUSER'
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > adclient.pam.util Creating CimsContext
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > adclient.pam.util username NOUSER, presented: , effective: , unix: unknown
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > base.schema.auto findByUnixName - name:NOUSER category:Person cacheOps:7
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > base.adagent findObject ADNames: NOUSER name: NOUSER type=SAM domain=CORE.CPA.STATE.T
X.US
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > base.bind.cache ADCB::search base , filter (&(objectClass=User)(|(objectCategory=Pers
on)(objectCategory=Computer))(sAMAccountName=NOUSER)), attrs 2 (cacheOps=7, GC=0)
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DIAG <fd:23 PAMGetUnixNa
me > base.bind.ldap 192.168.210.17:389 search base="DC=core,DC=cpa,DC=state,DC=tx,DC=us" f
ilter="(&(objectClass=User)(|(objectCategory=Person)(objectCategory=Computer))(sAMAccountN
ame=NOUSER))"
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > base.bind.cache ADCB::search: refresh list returns 0 objects
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > base.cache Cache store <GUID=0f440ef3b5e94dc79e50e24ecb09ef18>;CN=SearchMark,CN=CENTR
IFY MARKER,DC=CORE,DC=CPA,DC=STATE,DC=TX,DC=US : update indexes Yes
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DEBUG <fd:23 PAMGetUnixNa
me > base.bind.cache ADCB::search base , filter (&(objectClass=User)(|(objectCategory=Pers
on)(objectCategory=Computer))(sAMAccountName=NOUSER)), attrs 1e (cacheOps=7, GC=1)
May 10 15:51:49 autaap07 auth|security:debug adclient[12321016]: DIAG <fd:23 PAMGetUnixNa
↧
Centrify and CVS
Anyone have trouble installing Centrify on a box running CVS? I have 1 non-centrify'd host in my shop. When I asked why, I was told that the person said it didn't play nice with CVS. Since that person is gone, I can't get the details and before I embark on trying the same thing that person did, I thought I'd check here to see if anyone knows of any gotchas when install Centrify on a box with CVS.
↧