Provisioning users to the server fails with the following error in the logs:
Failed adding user username exit code: 9
- Advance Server Access (ASA)
- Okta Privileged Access (OPA)
- SSSD Deamon
This error can occur when the ASA/OPA's attempt to create the local user is failed by the server because the server already recognizes a user with that name. It can often be caused by the server already having existing local users that match the "Unix Username" attribute of the ASA/OPA user, or if the server is linked to some other integration (for example, SSSD, LDAP, cloud account linkage) that makes the server aware of these pre-existing usernames.
ASA expects to provision and manage local users on the server in accordance with the Unix Username attribute of the ASA/OPA user. If the server is integrated with another solution or service that makes it aware of pre-existing users with these same names, ASA/OPA's attempt to create the user will fail due to this conflict. Therefore consider:
- Removing the relevant integration or stopping the relevant service (in this example, stopping the SSSD service resolved the issue).
- Updating the Unix Username format on the ASA/OPA side to avoid any conflicts.
