Centrify - How To Ignore an AD Account

Moderator: NorbertKrupa

Post Reply
User avatar
JimKnicely
Site Admin
Site Admin
Posts: 1825
Joined: Sat Jan 21, 2012 4:58 am
Contact:

Centrify - How To Ignore an AD Account

Post by JimKnicely » Thu May 10, 2012 3:16 pm

We started using the Centrify software in order to use AD to authenticate logins to our Vertica boxes. Our Vertica database is owned by the local dbadmin account. A problem occurred because there was also an active dbadmin AD account in play. Therefore, when we tried to su to the dbadmin user we'd get this response:

Code: Select all

[root@vertica01]# su dbadmin
Account with conflicting name (dbadmin) exists locally
You are required to change your password immediately
Changing password for dbadmin
(current) password:
If both AD and the local system have an identical username Centrify will take precedence over the local username if Centrify is enabled. Below are the procedures to allow the local user to take precedence and to ignore the AD account.
  • 1. Become root
    2. Edit /etc/centrifydc/user.ignore and add the username to the end of the file
    3. Restart the CentrifyDC service using /etc/init.d/centrifydc restart
    4. Run the id username command just to make sure it is now pulling local user information
Jim Knicely

Image

Note: I work for Vertica. My views, opinions, and thoughts expressed here do not represent those of my employer.

Post Reply

Return to “Vertica and the Operating System”