Log output: /opt/ca/siteminder/log/XPSDDInstall.log
Initializing database, please wait...
(ERROR) : [sm-xpsxps-07256] getpwuid failed with error code 0.
(WARN) : [sm-xpsxps-01040] No policy data found
(ERROR) : [sm-xpsxps-07050] Context user is unknown.
(FATAL) : [sm-xpsxps-04390] Unable to establish administration context.
Strace output shows the library: /usr/lib/libnss_sss.so.2 attempting to be loaded, however the file doesn’t exist (see screen shot below).
The client uses a third-party provisioning tool to manage Unix accounts. The accounts reside in their AD server. When you examine /etc/passwd
or /etc/group, there will be no trace of the SiteMinder service account (smuser:smgroup).
Either of the following will solve the problem:
- Create local accounts on the Unix server (Not PAM or other off-box accounts)
- Install required packages to support off-box accounts:
Note: The libraries shown below match the PAM tool encountered, which this company uses. The required library may vary for other situations.
- sssd-client.x86_64 (64-bit)
- sssd-client.i686 (32-bit)