Hi Guys,
I would like the edit the email notifications that we receive from Centrify. Currently we are getting email alerts every 5 minutes from Centrify directory synchronization service.
I can't seem to find where we turn this off?
I thought it would be Centrify > Settings > Customization > System config however the SMTP details here are blank so must be elsewhere.
Any ideas? Can't seem to locate it
It seems like I have a remnant of a previous configuration that causes this part to fail. Server dc.sub.example.com is not know by DNS of /etc/hosts. If you're sure the name is correct, then add it to /etc/hosts. The name isn't correct. I've grepped through some samba, kerberos, sssd, etc. conf files and can't find it. The actual server name is 'cdc'. I subbed the sub.example part of the fqdn for this post.
Thanks,
Steve
Hi I'm trying to install express but it says the OS isnt supported. Even with the --no_os_check. Any suggestions?
Thank you,
# ./install-express.sh --no_os_check
***** *****
***** WELCOME to the Centrify Express installer! *****
***** *****
Detecting local platform ...
WARNING: /etc/os-release exists but OS_REV is unknown
DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=18.3
DISTRIB_CODENAME=sylvia
DISTRIB_DESCRIPTION="Linux Mint 18.3 Sylvia"
ERROR: The above OS release is not supported anymore. Exiting...
Error detected.
Error detected. More information may be found in the logfile
(location is /var/log/centrifydc-install.log).
Exiting ...
I'm been using Centrify express for a while. We have are moving to a new domain. I'm sure the new domain will give all of the users a new UID and groups will get a new GID. Is there a way to keep them the same? Can they be mapped or changed in AD or in Centrify?
I have a need to delete/remove an AD account from an Ubuntu 16.04 workstation ideally, so I can have the user login again and recreate it. I receive an error whenever I attempt to use the User Accounts GUI or "userdel" from command-line. I presume this has something to do with the difference between a local account and a network/AD account but my Linux knowledge is severly lacking.
Can anyone offer any suggestions or tips? I've attempted to search these and other forums but have had no luck.
Hi, I need help with an issue on old Centrify system client.
The good server is running this version of the client
This is RH 5.11 version
# yum list | grep Cen
CentrifyDC.x86_64 5.1.0-497 installed
CentrifyDC-openssh.x86_64 6.0p1-5.1.0.472 installed
The problem child server is running:
This is running 7.2 but we have another parititon setup that is running 5.11 as well
# yum list | grep Cent
CentrifyDC.x86_64 5.4.3-887 installed
CentrifyDC-curl.x86_64 5.4.3-887 installed
CentrifyDC-openldap.x86_64 5.4.3-887 installed
CentrifyDC-openssl.x86_64 5.4.3-887 installed
On the good server the following user:
# adquery user fake
fake:x:1234:101:fake user:/home/fake:/bin/csh
on th e bad server
# adquery user fake
fake:x:1234:101:fake user:/home/fake:/sbin/nologin
Both server are using the same domain controller
What is missing here ?
In my organization, we are using the Centrify Connector 17.10 on a Windows 10 Professional machine to link to Active Directory. However, when trying to upgrade to version 18.2, I now get an error stating that the connector only runs on Windows Server. Our Active Directory environment is Linux (Samba4) based, and we have no Windows Server systems on our network, and no plans to purchase any (it is outside of our budget). This is going to become a problem as soon as the connector version 17.10 is no longer supported. Is it possible to link our Active Directory setup to Centrify without using a Centrify Connector, or will there be a version of the connector available for Windows 10 in the future? Thank you.
Hello
I work in a team thet usese centrify mobile APP to get a token that works as a "second password" to connect with CISCO AnyConnet to a remote server. So... longstoryshort, I have a very old a outdated smarthphone and I do not have space to download de APP, so, I dowload the Centrify desktop trial and I'm trying to configure it to get this token number to login to AnyConnect.
Any Ideas or Help?
Screens:
https://i.imgur.com/v8t05f7.jpg
https://i.imgur.com/9kiPaHu.jpg
Regards
hello guys
I need your help, i'm not a linux guru but time to time i need to work with it, and i would like to improve it. And the same one user asked me to add his account to a dialout local group in oder to connect to his arduino.
In this linux box the user is authenticated through and Centrify. If i had to add this account to some local group i saw that i cannot use the usermod command but i have to write his account manually in the correct group in the file /etc/group.
The Question is i have also to modify the configuration files as i read in this post Add AD User to Local Group
/etc/centrifydc/centrifydc.conf, uncomment and change the following paramter to true
adclient.local.group.merge: true
Because our new SysAdmin have added only the user to the Local Group in /etc/group without editing the centrifydc.conf file.
So basically when we need to set the adclient.local.group.merge to true?
I have a server in production that I'm trying going to eventually move to another domain. I was wondering if it is possible to have centrify connected to a second domain to start setting things up to test before removing it from the 1st domain?
I have a clone of my production server. I have changed the hostname, domain name, IP address. I tried to adjoin another domain, but it says it is still joined to a domain. When I run adinfo I see that it is still joined to the old domain and showed the name of the production server as the name it was joined as. I'm afraid if I run adleave on this box it will make the production server leave the domain? Is that correct? If so, How do I get this one to not be considered on the domain?
I'm having a couple of issues. As I mentioned in another post I cloned my production server which Centrify is working great. We are moving to a new domain so I wanted to test on the clone. I changed hostname, domain name, DNS, IP address. I installed the latest version of Centrify for Redhat Enterprise 7.1 linux. I left the domain and added it to the new domain. No issues that I was aware of with the install. I'm not able to SSO from Centrify's putty. It prompts for password. Once I entry the password I can login. So AD authentication is working, but no SSO like the production server. I'm pretty sure I'm using the same configuration files in Centrify and the same setup in Putty. Not sure what the issues is.
Second, I tried to install adbindproxy.pl but I get an error "Could not determine NTLM domain or SID" then the installation terminates. My internal domain is domainname.local.
How do I solve these two issues?
We have centrify express and have recently started to have issues. We can download the app and enroll, but it won't pull down any of the security policies and it won't set up the email profile. It's not prompting to set up a phone password and its not preventing me from taking a password off of the phone. We are on version 18.5.2. We haven't made any changes to the policies or settings on the server. I've restarted the server. It does not work on apple or android phones and i've tried multiple accounts. Has anyone else run into this issue before? Thank you!
I have a server in production, computer accounts reside in sa.corp.example5.net domain and user accounts reside in corp.example5.net domain. I am using Centrify Express version.
I cannot join machines directly to corp.example5.net, I can join machines to sa.corp.example5.net and then move those machines to corp.example5.net.
I can see few user account listing from sa.corp.example5.net. I cannot see any user accounts listing from corp.example5.net. I had tried to login using username@corp.example5.net and it give access denied error.
I was wondering if it is possible to login using parent domain user accounts.
I created a clone of my production server and installed the latest version of Centrify-express. I'm also using the latest version of Centrify Putty. On the cloned I'm getting prompted for username name and password. I've looked at the settings for putty for connecting to the orig server and the clone. They are the same. I'm not sure how to troubleshoot this.
I have 4 DCs with 4 separate domains all with cross domain trust.
I have a linux box running centrify express.
To authenticate ssh access, we have local domain groups that are named the same in each domain ("local.ssh.users"), but contain users from the primary user domain
Doing "adquery group local.users.ssh" returns the local group, with the users I added:
Doing just "adquery group" returns all 4 SSH groups. This seems to override the actual local group, because subsequently doing "adquery group local.ssh.users" returns a single group **with no users** with a different GID
# #1. query just the group # # adquery group local.users.ssh local.users.ssh:x:71304443:user1,user2 # #2. Query all groups (and grep out the group name) # # adquery group | grep local.users.ssh local.users.ssh:x:71304443:user1,user2 local.users.ssh:x:1010828370: local.users.ssh:x:1803551825: local.users.ssh:x:981468283: # #3. Query just the group again # # adquery group local.users.ssh local.users.ssh:x:1010828370:
I can restore the original group query by doing "adflush -f"
What is going on and how can I control this behavior?
Hi Guys,
I joined the my centos machine to our AD using centrify. I'm able to list user groups using ID DOMAIN+user. But when I try to edit muy application pam to use pam_centrifydc.so the application complained that the pam response was only returning the user not DOMAIN+user.
Searching on google I found that I could use the auto.schema.name.format: NTLM to force it to use DOMAIN+user.
It did work, but for some reason now the response from pam is a lowercase domain. its returning domain+user instead of DOMAIN+user. Any idea on how to make it return the domain in uppercase?
Tks,
Roberto Cossetti
I have a group of users in AD that I would like to have access to a folder via samba. The home directory and samba-test folder works great. I created a third directory that I assigned the valid users to "valid users = +AD\file_access". Any thoughts why I get a login prompt?
The directory is group is set to the AD group and has RWX set. The OS is Redhat 7 with Samba 4 installed.
We upgraded systems from macOS 10.13.3 to 10.13.4, and now are having issues with two applications accessing our smartcard. Everything was working fine under 10.13.3 with Express for Smart Card 5.4.2.
Following the upgrade one of the applications (a Kerberized ssh client) sometimes sees the smartcard and works after a reboot. But, if the smartcard is removed and reinserted, the application then cannot see it. The second application (current Cisco Anyconnect VPN client) never appears to recognize the card. I tried completely uninstalling (following the directions in the forum) Express for Smart Card, and then reinstalling it, but we are still having the issue.
On a side note, applications like Safari, which use Apple's built-in smartcard support, are working fine with the smartcard. Any help is appreciated.
I installed Centrify express on my Mac that is running High Sierra 10.13.4 and it has yet to work I have gone through many of the community boards containing similiar issues and tried the fixes that have been put in them but to no avail. When I open the smart card assistant it shows the CAC card and says that there are three attempts at authentication remaining but it never asks me for the PIN number to authenticate it, the only time it ask for the PIN is when I run the diagnostics and from what I can see on the report there are no errors. I have uninstalled and re-installed express, I have verified and re-installed the driver for my CAC card reader as well as reloading all the certificates. I know the CAC card reader and ID are fine as I connected it to a friend Mac and it worked instantly. I was wondering what other options you might recommend to correct this issue?