× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

user cannot list dzinfo

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 5
Registered: ‎10-27-2014
#1 of 9 196
Accepted Solution

user cannot list dzinfo

Unexpectedly, new users added to Centrify can not log in to the server.

[root@s01apl145 ssh]# dzinfo beliene
ERROR: No such user named "beliene"

 

All the old users are working fine .

 

[root@s01apl145 ssh]# dzinfo sobral
User: sobral
Forced into restricted environment: No
Centrify Cloud Authentication: Supported

Role Name Avail Restricted Env
--------------- ----- --------------
LOGIN_UNIX_Role Yes None
/Global
ADMIN_Role/Glob Yes ADMIN_Role/Glo
al bal

Effective rights:
Password login
Non password login
Allow normal shell
Visible

Centrify Cloud Authentication:
Not Required

Audit level:
AuditIfPossible

Always permit login:
false


PAM Application Avail Source Roles
--------------- ----- --------------------
* Yes LOGIN_UNIX_Role/Glob
al


Privileged commands:
Name Avail Command Source Roles
--------------- ----- -------------------- --------------------
Cmnd_ALL/Global Yes * ADMIN_Role/Global


Commands in restricted environment: ADMIN_Role/Global
Name Avail Command Run As
--------------- ----- -------------------- ----------
Cmnd_ALL/Global Yes * self

Posts: 869
Topics: 3
Kudos: 219
Blog Posts: 4
Ideas: 0
Solutions: 116
Registered: ‎07-06-2010
#2 of 9 194

Re: user cannot list dzinfo

Please make sure the user has a UNIX profile.

 

What is the output of "adquery user beliene"?

 

Thanks,

 

Felderi Santiago
Technical Director - NA East, LATAM
Centrify Corporation
Found my response helpful? Click the Kudos button!
Follow Centrify:
Participant II
Posts: 5
Registered: ‎10-27-2014
#3 of 9 179

Re: user cannot list dzinfo

Look.

 

[root@s01apl145 ~]# adquery user beliene
beliene is not a zone user

 

 

This user ( beliene )  is member of AD Centrify Group where others user ca login .

Centrify Advisor IV
Posts: 158
Registered: ‎07-13-2012
#4 of 9 175

Re: user cannot list dzinfo

Hello,

 

Can you please run the command with -A option? This will give all information about the UNIX profile. As Fel said there is good chance that this User doesn't have a UNIX profile set in this Computer Zone or above.

 

adquery user -A beline

Remember that CSS provide least privilege access, means that no Users by default will have access on a Computer unless they have both conditions below true:

- User has a UNIX Profile setup in the Zone hierarchy (Computer Zone or Global Zone)

- User has a Role assigned that allow him to login (or at least to be visible)

 

If one of those condition is missing then the User will be ignored by the agent, and shows as "not a zone user"

 

Cheers

Fab

-----------------------------------------------------------------------------------------------------
Don't forget to mark posts as "Solution" to help other identify quickly the answers. And don't be afraid to deliver Kudos as well when you are happy with the solution ;)
Participant II
Posts: 5
Registered: ‎10-27-2014
#5 of 9 172

Re: user cannot list dzinfo

Look .  The beliene and bc111215 are at the same Prov Group

.


Fabrice wrote:

Hello,

 

Can you please run the command with -A option? This will give all information about the UNIX profile. As Fel said there is good chance that this User doesn't have a UNIX profile set in this Computer Zone or above.

 

adquery user -A beline

Remember that CSS provide least privilege access, means that no Users by default will have access on a Computer unless they have both conditions below true:

- User has a UNIX Profile setup in the Zone hierarchy (Computer Zone or Global Zone)

- User has a Role assigned that allow him to login (or at least to be visible)

 

If one of those condition is missing then the User will be ignored by the agent, and shows as "not a zone user"

 

Cheers

Fab


 

[root@s01apl145 ~]# adquery user -A beline
Error: No such user beline
[root@s01apl145 ~]# adquery user -A bc111215
unixname:bc111215
uid:1304592350
gid:1304592350
gecos:BRUNA CAROLINA FERREIRA GONCALVES
home:/home/bc111215
shell:/bin/bash
auditLevel:AuditIfPossible
isAlwaysPermitLogin:false
dn:CN=BC111215,OU=Morumbi,OU=SAS - Usuarios,DC=Sulamerica,DC=br
samAccountName:BC111215
displayName:BRUNA CAROLINA FERREIRA GONCALVES
sid:S-1-5-21-3764628799-417417015-3749288136-163806
userPrincipalName:BC111215@sulamerica.br
canonicalName:sulamerica.br/SAS - Usuarios/Morumbi/BC111215
passwordHash:x
guid:5f613e92-8270-4c1c-92db-84c71a1e04c7
accountExpires:Never
passwordExpires:Sun May 28 10:12:25 2017
passwordWillExpire:78
nextPasswordChange:Mon Jan 2 11:12:25 2017
lastPasswordChange:Mon Jan 2 11:12:25 2017
accountLocked:false
accountDisabled:false
requireMfa:false
zoneEnabled:true
unixGroups:bc111215,gg_centrify_sas_va
memberOf:sulamerica.br/SAS - Centrify/Provisioning Groups/GG_CENTRIFY_SAS_VA,sulamerica.br/SAS - Centrify/Provisioning Groups/GG_Centrify_Provisioning_Groups,sulamerica.br/SAS - Centrify/Provisioning Groups/GG_Centrify_Provisioning_Users,sulamerica.br/Security Groups/GG_WKS_ADM_VERAO,sulamerica.br/Security Groups/Groups - BI/SASVA/GG_SASVA_Prod_User_AuditMedExt_LongPerm,sulamerica.br/Security Groups/Groups - BI/SASVA/GG_SASVA_Prod_User_COFE_AUTO_SaoPaulo_Corporativo,sulamerica.br/Security Groups/Groups - Baseline/AdmLocal/GG_BASELINE_ADMLOCAL_AJ0211291VM,sulamerica.br/Security Groups/Groups - Baseline/AdmLocal/GG_BASELINE_ADMLOCAL_AJ0211383VM,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_ARP,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_AT,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_FC,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_FIND,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_HOSTNAME,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_IPCONFIG,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_MODE,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_MORE,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_NBTSTAT,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_NETSTAT,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_NSLOOKUP,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_PING,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_REGEDT32,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_REGSVR32,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_ROUTE,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_SUBST,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_TRACERT,sulamerica.br/Security Groups/Groups - Baseline/Arquivos/GG_BASELINE_PERMITE_XCOPY,sulamerica.br/Security Groups/Groups - File Server/CT-IBM/P003S001/GG_P003S001_SAST_CHANGE,sulamerica.br/Security Groups/Groups - File Server/CT-IBM/P003S001/GL_P003S001_SAST_CHANGE,sulamerica.br/Security Groups/Groups - File Server/GG_SASLOG_MTZ02_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MATRIZ/P004S001/Global Group/GG_P004S001_SASLOG_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MATRIZ/P004S001/Global Group/GG_S02FS08_GAD_READ,sulamerica.br/Security Groups/Groups - File Server/MATRIZ/P004S001/Local Group/GL_P004S001_SASLOG_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MATRIZ/P004S001/Local Group/GL_S02FS08_GAD_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/MORUMBI1/Global Group/GG_MORUMBI1_SENAV_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/MORUMBI1/Global Group/GG_MORUMBI1_SERIN_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/MORUMBI1/Local Group/GL_MORUMBI1_SENAV_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/MORUMBI1/Local Group/GL_MORUMBI1_SERIN_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/P026S001/Global Group/GG_P026S001_APPL_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/P026S001/Global Group/GG_P026S001_ATV_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/P026S001/Global Group/GG_P026S001_DICDADOS_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/P026S001/Local Group/GL_P026S001_APPL_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/P026S001/Local Group/GL_P026S001_ATV_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/P026S001/Local Group/GL_P026S001_DICDADOS_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Global Groups/GG_S03FS14_AUDMEDIC_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Global Groups/GG_S03FS14_DIRETRIZES_TECNICAS_SAS_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Global Groups/GG_S03FS14_GEPSU_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Global Groups/GG_S03FS14_SEMAP_SUAME_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Local Groups/GL_S03FS14_AUDMEDIC_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Local Groups/GL_S03FS14_DIRETRIZES_TECNICAS_SAS_CHANGE,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Local Groups/GL_S03FS14_GEPSU_READ,sulamerica.br/Security Groups/Groups - File Server/MORUMBI/S03FS14/Local Groups/GL_S03FS14_SEMAP_SUAME_READ,sulamerica.br/Security Groups/Groups - IIS/GG_ALLSERVERS_HOTSITE_READ,sulamerica.br/Security Groups/Groups - IIS/GL_ALLSERVERS_HOTSITE_READ,sulamerica.br/Security Groups/Groups - Proxy/LIB_PERFILWEB_PADRAO,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f43472d505245535441444f5245535f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f43472d53415544455f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f43494431305f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f4354495f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f504c55534f46545f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f56444641524d415f41444d494e,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f476c6f62616c2047726f75702f47475f53415544455f574f524b464c4f575f41505f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f43472d505245535441444f5245535f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f43472d53415544455f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f43494431305f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f4354495f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f504c55534f46545f55534552,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f56444641524d415f41444d494e,73756c616d65726963612e62722f53656375726974792047726f7570732f47726f757073202d2053756c416dc3a9726963612053797374656d732f53415544452f4c6f63616c2047726f75702f474c5f53415544455f574f524b464c4f575f41505f55534552,sulamerica.br/Sites/MATRIZ/Groups/SCRIPT UNICO/GG_P004S001_SC,sulamerica.br/Sites/MATRIZ/Groups/SCRIPT UNICO/GG_P004S001_SIMAS,sulamerica.br/Users/CERTSVC_DCOM_ACCESS,sulamerica.br/Users/Domain Users

Participant II
Posts: 5
Registered: ‎10-27-2014
#6 of 9 170

Re: user cannot list dzinfo

Both conditions to login are ok for both users .

 

 

Centrify Contributor III
Posts: 29
Registered: ‎07-07-2012
#7 of 9 146

Re: user cannot list dzinfo

@SulAmerica, as we just spoke offline, the problem was with the ZPA service. After we checked the credentials and restarted the service, the users were correctly provisioned to UNIX Data / Users on the zone and could log on to the servers.

Participant II
Posts: 5
Registered: ‎10-27-2014
#8 of 9 137

Re: user cannot list dzinfo

Great.  The issue was solved.

Centrify Guru I
Posts: 1,639
Registered: ‎07-26-2012
#9 of 9 133

Re: user cannot list dzinfo

@SulAmerica,

 

Can you please edit the post with the user information and remove the output of the aquery user -A command?

 

Thanks!

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: