Re: Centrify Express 5.4.3-887 can't SSH. Only on 1 out of 45 servers.

Hi 

The provided log snippet indicates the user name is invalid, could you please check if this is the same username format you used on other working servers? Is this server joined to the same AD domain and Centrify zone like other servers?

To further investigate this issue, please find the debugging steps below and collect the required log files. 

Plesae send the files to our DL address communitysupport@centrify.com. 

Please check the debugging steps below and collect the log files from the problematic server.

========== On SSH server ===========
1, Based on the adinfo --diag output this server is running with stock OpenSSH.

If its stock SSH, it should look like this when running command '#ps -ef | grep sshd':
root 12427 1 0 Feb15 00:00:04 /usr/sbin/sshd

2, Enable debug 3 for SSH issue on SSH server and enable Centrify Debug mode
a) Modify the sshd_config file to uncomment and change the values from:

#SyslogFacility AUTH
#LogLevel INFO

To:

SyslogFacility AUTH
LogLevel DEBUG3

b) Save the changes

c) Restart OpenSSHd from the /etc/init.d script

d) Enable Centrify debug mode by running

#/usr/share/centrifydc/bin/addebug on
#/usr/share/centrifydc/bin/addebug clear

Make sure /var/log/centrifydc.log is growing in size.

e) Please run the following commands to get basic information for user

# adquery user AD_User_Name -A > /tmp/adquery_user.txt
# dzinfo AD_User_Name -A > /tmp/dainfo.txt

3, Start sshd in debug mode, using full path, specifying a different port number like say 2022, and the following options:

#/usr/sbin/sshd –ddde –p 2022 > sshd.log 2>&1


========== Please go to SSH client ===========

4, Please reproduce the ssh issue from client side by running:
$ ssh -vvv -p 2022 AD_User_Name@Server_Name
Please save the output into a file, e.g. ssh_output.txt

========== Please go back to SSH server ===========

5, Please disable debug mode
#/usr/share/centrifydc/bin/addebug off
#adinfo –t [AD_domain_name]

(Depending on how large the AD environment is, this may take a long time to return to prompt and so please stop with Ctrl+C once it is felt the issue has been captured.)

6, Please reverse the changes related to Debug3 in step 2 back.


We need the following files:
a) /tmp/dzinfo.txt and /tmp/adquery_user.txt from ssh server in step 2

b) /tmp/sshd.log from the ssh server in step 3

c) ssh_output.txt from ssh client in step 4

d) sshd_config from ssh server

e) /var/centrify/tmp/adinfo_support.tar.gz from ssh server

Thanks,

Amy