Welcome to the Centrify forums.
Sanity checks:
- Check if paul exists in /etc/passwd (grep paul /etc/passwd) - ideally should not exist, but does not matter because of the next test.
- Check the order of /etc/nsswitch.conf for passwd directive centrifydc should be first than files or compat
- Check to make sure that no traces of PBIS exist, should not matter either, but ideally we would not be competing.
Testing
- Check the user status (sudo adquery user -A paul | grep account), ideally the output is:
accountExpires: Never accountLocked: false accountDisabled: false
- Use switch user to isolate issues with SSH (su - paul)
You should be challenged for Paul's password and if all is well, you are able to switch. This proves nothing wrong with the NSS stack (su is NSS-enabled), now let's move on to SSH connectivity.
- Attempt to log in via SSH (e.g. ssh paul@system.name)
If all is well, you should be able to log in, if not, then the issue is with SSH and you must debug (See below)
- Attempt to log in via GUI
In GUI mode, attempt to log in with Paul. Monitor the results. If everything works with su and SSH and the GUI fails, look for the PAM configuration for the GUI (perhaps a reboot hasn't been done since the installation?).
Appendix:
How to debug Centrify and OpenSSH at the same time, just in case you have to submit for inspection.
- Turn ON centrify debug by running "/usr/share/centrifydc/bin/addebug on".
- Next run "<path_to_sshd>/sshd -ddde -p 2222" to start the SSHD server in the foreground with verbosity turned on.
- From the ssh client, connect to the SSH server on port 2222, "ssh -p 2222 -vvv <hostname>" and try to authenticate.
- Please paste the output from the SSH server foreground session for analysis.
- Now turn OFF Centrify debug "/usr/share/centrifydc/bin/addebug off"
- The information collected will be in /var/log/centrifydc.log
- Collect the system diagnostics information by running sudo adinfo --support
- The file with the debug information will be in /var/centrify/tmp/adinfo_support.tar