Centrify - How To Ignore an AD Account
Posted: Thu May 10, 2012 3:16 pm
We started using the Centrify software in order to use AD to authenticate logins to our Vertica boxes. Our Vertica database is owned by the local dbadmin account. A problem occurred because there was also an active dbadmin AD account in play. Therefore, when we tried to su to the dbadmin user we'd get this response:
Code:
[root@vertica01]# su dbadmin
Account with conflicting name (dbadmin) exists locally
You are required to change your password immediately
Changing password for dbadmin
(current) password:

If both AD and the local system have an identical username, Centrify will take precedence over the local username if Centrify is enabled. Below are the procedures to allow the local user to take precedence and to ignore the AD account.
1. Become root
2. Edit /etc/centrifydc/user.ignore and add the username to the end of the file
3. Restart the CentrifyDC service using /etc/init.d/centrifydc restart
4. Run the id username command just to make sure it is now pulling local user information
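The four steps above as a repeatable script (an added example, not part of the original post). It makes the edit idempotent and turns the final `id` check into a pass/fail comparison against /etc/passwd. The function names are hypothetical, and it assumes user.ignore holds one username per line and that the local and AD accounts have different UIDs.

```shell
#!/bin/sh
# Added example: the path and restart command are the ones named in the post.
IGNORE_FILE=/etc/centrifydc/user.ignore

# Append user to the ignore file only if no line already matches it exactly.
# Assumes one username per line. Returns 0 if added, 1 if already present.
add_ignore_entry() {
    file=$1 user=$2
    if grep -Fxq -- "$user" "$file" 2>/dev/null; then
        return 1
    fi
    # If the file lacks a trailing newline, add one so the name gets its own line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$user" >> "$file"
}

# Print the UID recorded for user in a passwd-format file (empty if absent).
local_uid() {
    awk -F: -v u="$2" '$1 == u { print $3; exit }' "$1"
}

# Succeed only when the UID the system resolved equals the local passwd UID.
# Cannot tell the accounts apart if AD and local share the same UID.
resolves_locally() {
    passwd_file=$1 user=$2 resolved_uid=$3
    want=$(local_uid "$passwd_file" "$user")
    [ -n "$want" ] && [ "$want" = "$resolved_uid" ]
}

# Full procedure; run as root, e.g.: apply_ignore dbadmin
apply_ignore() {
    user=$1
    add_ignore_entry "$IGNORE_FILE" "$user" || echo "$user already listed"
    /etc/init.d/centrifydc restart || return 1
    if resolves_locally /etc/passwd "$user" "$(id -u "$user")"; then
        echo "$user resolves to the local account"
    else
        echo "$user does not match the /etc/passwd entry" >&2
        return 1
    fi
}
```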