Visitor
User5789
Posts: 1
Registered: 12-01-2010
Accepted Solution

Cannot log in with Oracle Enterprise Manager credentials and Centrify...

This is an odd problem: when logging in using credentials in EM Grid Control and a Centrify-managed account, access fails.  When logging in using credentials in EM Grid Control and a local account (/etc/passwd), logins are successful.  The only thing I can deduce so far is a configuration issue with Centrify.

 

We (DBAs) actually ran into this problem a couple of years ago, and the SAs did not know enough about the Centrify product then, so we asked them to leave the service account as a local account only.  Unfortunately, we've come across another situation which requires access to a service account which depends on Centrify; therefore, running the process with local accounts is not acceptable.

 

My question is, has this situation ever been reported?  If so, is there a fix for it?

 

Regards,

 

Albert

Centrify
Sumana_Centrify
Posts: 130
Registered: 06-18-2010

Re: Cannot log in with Oracle Enterprise Manager credentials and Centrify...

Albert was able to resolve the issue by following the instructions below:

 

Oracle Enterprise Manager does support PAM authentication. To enable PAM authentication, create a file called /etc/pam.d/emagent and include the following lines so the authentication for AD users passes through Centrify PAM modules:


#Centrify mod
auth       sufficient     pam_centrifydc.so
auth       requisite      pam_centrifydc.so deny
account    sufficient     pam_centrifydc.so
account    requisite      pam_centrifydc.so deny
session    required       pam_centrifydc.so homedir
password   sufficient     pam_centrifydc.so try_first_pass
password   requisite      pam_centrifydc.so deny

Note: it is important that these lines be at the beginning of the file - before other lines.

Then restart the Oracle EM agent(s) to reload these directives.

References:

Oracle also has a KB article on this; please check their website for the following article:

How to Configure the Grid Control Agent for PAM and LDAP? [ID 422073.1]

 

Additionally, if you see the following errors in the Oracle Enterprise agent when running under TRACE, then you need to create a symbolic link called libpam.so to libpam.so.0.81.5, under /lib for 32-bit machines or under /lib64 for 64-bit machines (ln -s libpam.so.0.81.5 libpam.so).

 

2010-12-02 20:47:52,157 Thread-1098135872 DEBUG Authentication: nmejcap: (PDP-auth) Exiting nmejcap_Process_PDP_Authenticate.
2010-12-02 20:47:52,162 Thread-1098135872 DEBUG Authentication: nmejcap.c: ret=157, buf=' LOG: Local Authentication Failed...Attempt PAM authentication...PAM failed with error: libpam.so: cannot open shared object file: No such file or directory '
2010-12-02 20:47:52,162 Thread-1098135872 DEBUG Authentication: nmejcap.c: ret=-10, buf=' LOG: Local Authentication Failed...Attempt PAM authentication...PAM failed with error: libpam.so: cannot open shared object file: No such file or directory '
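
A check for the layout described in the answer above, as an added example that is not part of the original thread and is not Centrify or Oracle tooling: it verifies that the seven pam_centrifydc.so directives are all present in a PAM service file and precede every other directive, and counts the libpam.so loader error in an agent trace. The function names and the sample files are assumptions made for illustration; the directives and the error text are taken from the answer.

```shell
#!/bin/sh
# Added example, not from the thread: audit a PAM service file against the
# layout in the answer above and count the libpam.so load error in agent traces.

# The seven directives quoted in the answer, whitespace-normalized, '|'-separated.
EXPECTED='auth sufficient pam_centrifydc.so|auth requisite pam_centrifydc.so deny'
EXPECTED="$EXPECTED|account sufficient pam_centrifydc.so|account requisite pam_centrifydc.so deny"
EXPECTED="$EXPECTED|session required pam_centrifydc.so homedir"
EXPECTED="$EXPECTED|password sufficient pam_centrifydc.so try_first_pass"
EXPECTED="$EXPECTED|password requisite pam_centrifydc.so deny"

# check_emagent_pam FILE (hypothetical helper name)
#   0 = all seven directives present and ahead of every other directive
#   1 = a directive is missing, or another module's line precedes one of them
#   2 = FILE is not readable
# The module must be written as the bare name used in the answer, not a full path.
check_emagent_pam() {
    [ -r "$1" ] || return 2
    awk -v expected="$EXPECTED" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        { $1 = $1 }                          # collapse runs of whitespace
        $3 == "pam_centrifydc.so" { if (foreign) late = 1; seen[$0] = 1; next }
        { foreign = 1 }                      # any other module or include line
        END {
            n = split(expected, want, "|")
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) missing = 1
            exit (late || missing) ? 1 : 0
        }' "$1"
}

# count_libpam_failures LOG (hypothetical helper name)
# Prints how many trace lines carry the loader error quoted in the answer.
count_libpam_failures() {
    grep -c 'PAM failed with error: libpam.so: cannot open shared object file' "$1" || true
}

# Constructed samples: one file in the recommended order, one with the
# directives placed after another module's line.
demo=$(mktemp -d)
echo "$EXPECTED" | tr '|' '\n' > "$demo/good"
{ echo 'auth required pam_unix.so'; echo "$EXPECTED" | tr '|' '\n'; } > "$demo/late"
check_emagent_pam "$demo/good" && echo "good: Centrify directives come first"
check_emagent_pam "$demo/late" || echo "late: directives missing or not first"
rm -rf "$demo"
```

On a real host the file to pass is /etc/pam.d/emagent, and the check is worth rerunning after any change to that file, since the order of the lines is what the answer's note depends on.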