adclient: DEBUG util.except (cims::RPC) : NetLogon::authenticate failed: Buffer Overflow

If you are running DirectControl 5.0.x with addebug enabled, you may see the following authenticate-failed messages roughly every 30 seconds in your /var/log/centrifydc.log file:

adclient[12219]: DIAG  <bg:updateOS> smb.rpc.netlogon authenticate - useAuthen3=1.

adclient[12219]: DEBUG <bg:updateOS> util.except (cims::RPC) : NetLogon::authenticate failed: Buffer Overflow (reference ../smb/rpcclient/netlogon.cpp:247 rc: -2147483643)

These messages are logged because, on DirectControl 5.0.x, your computer's samAccountName (in layman's terms, its hostname) is greater than 15 characters long. This has been fixed in 5.1.0 and in the current latest version, which is 5.1.2 at the time of writing this blog post.

Every 30 seconds, Centrify's adclient checks whether the correct OS version and tattoo are set. If they are not, it first tries to update them via the NETLOGON API. If that fails too, it tries LDAP. However, since the computer's samAccountName (in layman's terms, hostname) is greater than 15 characters long, the NETLOGON API throws an exception, so the LDAP method is never tried. This means the agent process reports a failed event every 30 seconds.

To check whether addebug is enabled:

/usr/share/centrifydc/bin/addebug status

To turn addebug on:

/usr/share/centrifydc/bin/addebug on

To turn addebug off:

/usr/share/centrifydc/bin/addebug off
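
To confirm that a host is hitting this case, the added example below (not Centrify tooling and not part of the original post) counts the failure line in a log file and checks whether the short host name is longer than 15 characters. It assumes the local short host name matches the computer's samAccountName; the function names and host names are made up for illustration, and the sample log is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: correlate the NetLogon "Buffer Overflow" log symptom
# with the 15-character name limit described in the post.

# Print how many NetLogon authenticate "Buffer Overflow" failures a log holds.
count_netlogon_overflow() {
    [ -r "$1" ] || { echo 0; return 0; }      # unreadable/missing log: 0 hits
    grep -cF 'NetLogon::authenticate failed: Buffer Overflow' "$1" || true
}

# Strip any DNS suffix. Assumption: short host name == samAccountName.
short_name() { printf '%s\n' "${1%%.*}"; }

# Succeed (return 0) when the short name is longer than 15 characters.
name_too_long() { n=$(short_name "$1"); [ "${#n}" -gt 15 ]; }

# usage: diagnose LOGFILE HOSTNAME  -> prints one verdict line
diagnose() {
    hits=$(count_netlogon_overflow "$1")
    name=$(short_name "$2")
    if [ "$hits" -eq 0 ]; then
        echo "CLEAN hits=0 name=$name len=${#name}"
    elif name_too_long "$2"; then
        echo "AFFECTED hits=$hits name=$name len=${#name}"
    else
        echo "OTHER_CAUSE hits=$hits name=$name len=${#name}"
    fi
}

# Constructed sample log: the DIAG line plus two repeats of the DEBUG failure.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
adclient[12219]: DIAG  <bg:updateOS> smb.rpc.netlogon authenticate - useAuthen3=1.
adclient[12219]: DEBUG <bg:updateOS> util.except (cims::RPC) : NetLogon::authenticate failed: Buffer Overflow (reference ../smb/rpcclient/netlogon.cpp:247 rc: -2147483643)
adclient[12219]: DEBUG <bg:updateOS> util.except (cims::RPC) : NetLogon::authenticate failed: Buffer Overflow (reference ../smb/rpcclient/netlogon.cpp:247 rc: -2147483643)
EOF

# Hypothetical host name, 19 characters before the first dot.
diagnose "$SAMPLE_LOG" "appserver-prod-0001.example.com"
```

On a real host, call `diagnose /var/log/centrifydc.log "$(hostname)"` as a user that can read the log.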

So, if you are still running DirectControl 5.0.x, it's time to upgrade to the latest available version.

This post appeared on the by Sumit Goel. Copyright © 2012–2013 – and Sumit Goel. All rights reserved. Not to be reproduced for commercial purposes without written permission.
