AutoSys Workload Automation

We have Linux servers where Agents are installed.  All of the servers has Centrify installed for authentication.  While I am not an expert in Centify, I understand it joins Linux to Active Directory for authentication.  The company is planning to remove Centrify so that authentication will go directly to Active Directory.

Since Centify was removed on a Linux server, we have not been able to run a simple command job that executes 'ls -al'.  The job fails with exit code -655.  The Agent log shows:State SUBERROR Failed SetEnd Status(User does not exist in the system) Cmpc(4018)

The owner is in both Active Directory and in the autosys_secure database. 

Executing chkusr results in a positive response: User and Password okay.

Has anyone else had Centify (not Centrify Express) on their servers and had it remove to pass authentication directly to Active Directory and have it worked.  If so, what changes have you done to make this work.

The appropriate EEM policies were already in place before Centrify was removed and we were able to execute the job before Centrify was removed.  So I do not believe that there needs to be any additional modification to EEM policies since only after Centrify was remove on the Agent server is when we started to encounter the -655 error.

It sounds like removing Centrify eliminated the link to Active Directory (AD) so the user effectively no longer exists.

The job owner must be a user defined to the system. autosys_secure does not apply in this case.

Without Centrify how is the authentication going "directly to AD"?

If you are using SSSD or Samba winbind on Linux to connect to AD, then you’ll need their respective 32bit libraries or install a 64bit CA WA System Agent.

Please lookup the /etc/nsswitch.conf for the passwd entry to identify the module used for AD communication.

Cheers,

Chandru

Hi Chandru,

I've provided your information to the Unix SA.  Can you clarify the 32 bit libraries.  Are you referring to Samba or something else?

Hi Lester,

If it's RHEL, then the samba library needed is samba-winbind-clients-3.6.9-164.el6.i686 (the version number could be different). If SLES, then the library is samba-winbind-32bit-3.6.3-0.39.1

Thanks,

Chandru

Per the Unix SA: , it is using samba and winbind to join with active directory based on redhats integration guidelines.

Okay, we gave up on trying to get this to work.  Although the 64bit agent did the trick, I installed a PS plug-in and was not able to execute a sendevent command.  The error was related to unknown users/password.

So now our direction is to have Centrify Express installed to replace the licensed version of Centrify.  Has anyone had any experience using Centrify Express.  Is there anything I need to change on the Agent side or will it work like it did with Centrify?  Any information will be appreciated.  please also provide email address if you have information on what needs to be changed to get AutoSys Agent working with Centrify Express.  Also be aware that we use the AE install media to install both the Agent and Client, Windows server 11.3.6 and Linux servers 11.3.5.

Thanks.

Hi Lester,

"I installed a PS plug-in and was not able to execute a sendevent command...."

Are you referring to the legacy Peoplesoft Adapter 2.1.0? I am not sure why the Peoplesoft plug-in would do a sendevent.

Are you OK to share the actual error from PS plugin/adapter/sendevent command?

As far as I can tell, you're missing the 32bit binaries required for the sendevent CLI.

Cheers,

Chandru

Can you please execute this command and share the results, please?

$ find / -name "libnss_centrifydc*" -exec ls -l '{}' + 2>/dev/null

$ echo $LD_LIBRARY_PATH