There are several reasons why an attempt to log in can fail. If you are denied access to a computer:
Verify that the computer you are trying to log in to has access to an Active Directory domain controller.
If an Active Directory domain controller is not available or the local computer is not a member of an Active Directory domain, you might be prevented from logging in because the agent cannot verify that you have authority to access the computer.
Verify that you have a complete UNIX identity profile.
Verify that you have been issued at least one role with a right that allows you to log in using a standard shell or a restricted shell.
If you have access only to a restricted shell, you can only execute explicitly defined commands.
If you have a UNIX profile, but cannot log in to your terminal, you may have been assigned the listed or local listed role. These roles allow your profile to be visible in a zone, but do not grant any access rights.
After the Centrify Agent has been installed, you must have a role assigned to your account that gives you log in privileges. If an attempt to log in fails, contact your Active Directory administrator or help desk to determine the roles you have been assigned, the type of access your roles grant, and any limitations associated with your role assignment. For example, roles can have time constraints with specific periods of availability. If you attempt to log in, but the role is not available at the time you attempt to log in, you will be denied access.