Channel: Centrify Express topics
Viewing all 473 articles

Accessing Military Webmail


I just installed Centrify on my Mac; however, I am unable to access my webmail. I have macOS 10.13.4 (High Sierra). Is there something else that I need to install to access the site from my Mac?


Please input Samba's path: What is it?


I have had a difficult time with this. I've read online that users just hit <ENTER>, but that is not working for me. I've been successful a couple of times with /opt/centrify/samba, but the server I'm working on now does not have that path. Here is what it has:

    Paths:
    SBINDIR: /usr/sbin
    BINDIR: /usr/bin
    CONFIGFILE: /etc/samba/smb.conf
    LOGFILEBASE: /var/log/samba
    LMHOSTSFILE: /etc/samba/lmhosts
    LIBDIR: /usr/lib64
    MODULESDIR: /usr/lib64/samba
    SHLIBEXT: so
    LOCKDIR: /var/lib/samba/lock
    STATEDIR: /var/lib/samba
    CACHEDIR: /var/lib/samba
    PIDDIR: /run
    SMB_PASSWD_FILE: /var/lib/samba/private/smbpasswd

I believe I have tried all these directories, but I still get "is not a valid Samba path!"

Centrify Cloud Connector restrict to a OU


Is there any way with Centrify Cloud Connector that it can be restricted to look at one Organizational Unit in Active Directory?

Unable to run adbindproxy


I have installed Ubuntu 16.04 LTS and went to configure Samba by running adbindproxy. I have successfully joined the domain and I can log in with a domain account. All is working there. I installed Samba using apt-get install samba to use the default installer with Ubuntu. When I run adbindproxy.pl, I get the following: "Please input Samba's path". No matter what path I try, it fails. Does anyone know what to do here? I've tried pressing Enter, using a /, etc., and nothing works. I just downloaded this today, so it would be the latest version on the website.

Local Logins No Longer Working After Install of Centrify Express for Linux


Looking for an alternative to Samba and Winbind, I decided to take a bet on Centrify's Linux Express product with the hope of rolling it out to a production environment. In the course of attempting to get my Samba environment up and running (with the assistance of CE), I encountered an unexpected and unpleasant development: I lost my ability to log in using my former local UNIX admin account.

I have tried whitelisting the accounts under /etc/centrifydc/user.ignore and /etc/centrifydc/group.ignore, and confirmed that my user is still a member of the 'sudo' group (there is no 'admin' group under Ubuntu 16.04 LTS).

Does anyone have any suggestions?

So far, I am not seeing a whole lot of upside from moving away from Winbind.

Also, can someone expand on what the Direct Manage Express product is? I installed it on my Windows admin system and oddly it simply installed Deployment Manager, with no management options contained inside of that program...

Thanks in advance!

Autorid Idmap Backend Option for Samba


It's been my experience that a plain vanilla installation of Centrify DC Express on Linux, and by extension, the installation of Centrify ADBindProxy Utility, results in a Samba configuration that defaults to tdb as the idmap backend, as seen below:

    idmap config * : backend  = tdb
    idmap config * : range = 1000 - 200000000
    idmap config * : base_tdb = 0

Ideally, I would like to be able to take advantage of the improvements available with the newer Autorid backend. I cannot find any documentation that suggests whether or not this option is supported.

I am hoping that support or someone with first-hand experience can confirm whether or not any other backends are supported.

Thanks in advance.

Unified Logging and syslog/log


Hi everyone,

I'm currently running into an issue with Macs running Sierra and High Sierra. I am tasked with showing the authenticated times for a user to a manager for the past 30 days.

Before, I would run:

    less /var/log/system.log | egrep "PAM authentication|PAMVerifyPassword2"

Now, system.log does not record more than 3 days (I think), and syslog has been replaced with the log command, which uses Apple's Unified Logging system.

I tried running:

    log show --style syslog | fgrep "PAM authentication granted"

What would be the best approach to accomplish this task after Centrify writes to the log and be able to query it even after 30 days?

We are a paid customer with the full suite and Centrify running in licensed mode.

Thanks!


AD user account unable to log into machine


Hi, we are trying to get Centrify up and running on our few Macs in our Windows domain. I've come across a problem where one of our Mac laptop users can no longer log into their AD account. Our Mac laptops are all encrypted with FileVault and so currently need to log into a local user account to allow network accounts to be logged in. I am not sure if this is part of the problem or not, but this method has been working for the last month since we started testing Centrify. I came across this article while searching for a solution to my problem.

https://community.centrify.com/t5/TechBlog/Identifying-the-different-types-of-login-issues-on-Mac-systems/ba-p/11958

We followed all of the resolution steps under part 3, which was the login error we were seeing. After we did the adflush, the user was then able to log in using the terminal and then into their AD account. We then did a restart and the same login issue of the shaking screen occurred while logging into the AD account.

Any help would be greatly appreciated!

Thanks,

Nick Tango

Does the deprecation of Microsoft Services for UNIX have any impact on Centrify Express?


I'm currently running some Linux Centrify Express clients in a Microsoft Server 2012 R2 Active Directory forest that is running at Server 2008 R2 functional level. Years ago, Microsoft Services for UNIX was installed when we were still running Server 2003 R2, and the AD schema was extended. Given that SFU is deprecated in Server 2012 R2 and no longer available in Server 2016, does that have any impact upon Centrify Express or Centrify Server Suite clients? Our AD domain admins claim that since the schema was extended, that's all we really need from them to continue integrating Linux/UNIX systems into AD.

sudo hanging for 10 minutes on Solaris 10

Hi,

My sudo ("sudo su - <user>") hangs for around 10 minutes before giving me the login prompt of the <user>.

I'm using the following Centrify versions on Solaris 10.

I do have "nscd" running on this server and I tried restarting "nscd" and Centrify DC and DA services but it's nothing better.

Anyone else having a similar problem?

CentrifyDC 5.1.0-497

CentrifyDA 3.0.0-428

Thanks for your help in advance!

- Young

sudo problem after an upgrade (remove then a new install)

Hi,

Using the "install.sh" script, I uninstalled old CentrifyDC and CentrifyDA versions without saving the contents in /etc/centrifydc and /etc/centrifyda directories.

Then, I installed the new version CentrifyDC 5.2.1-301 and CentrifyDA 3.2.1-314.

After that, I still have no problem logging onto my account.

But, if I try "sudo su -", I cannot any longer.

Any advice what configuration I should check?

It's definitely not the local sudoers file, I know.

Thanks.

- Young

Signing forms-Express (Mac) for Smart Card


So, I can't seem to sign Adobe forms. I have a form open in Adobe Acrobat DC. I try to sign by clicking on the pinkish-red arrow, and it tells me that there is no signature configured on my computer. A dialogue opens that asks me to select from a few options, and I choose "Use a Signature Creation Device: Configure a smart card or token connected to your computer." My CAC is plugged in (and I am successfully signed in to my webmail). I then get this error message:

"Adobe Acrobat could not find any new digital IDs. If your digital ID is on a hardware token, please make sure it is plugged in and the token interface is properly configured. Contact your system administrator for further assistance."

I really don't know where to begin. According to Adobe, the digital ID should automatically be available if the device is connected and "properly configured." Any ideas on things I need to do?

Running OS X 10.13.4 and Centrify Express for Smart Card. I am able to successfully log into email, my gov web portal, and several other gov sites using this CAC. I have followed the installation instructions on MilitaryCAC.com and have installed all the current certificates and deleted the outdated/bad ones as it directs.

Keychain issues with Mac OS 10.11


Greetings to all. I apologize, because I am a Centrify end-user and not an administrator, so I don't know all the details on what exactly is installed on my machine. I do know that we now have a version of Centrify and require a government PIV card to log in to the machine. Here is my question:

Since the update, my keychain has never quite worked the way I think it should. I understand that the normal default keychain is gone, and there is now a token-protected keychain in its place. Fair enough. Unfortunately, that keychain seems to be unmodifiable, and continuously asks me for a password, even though nothing I enter works. It is very frustrating, because I get a dialog box that I must keep clicking "deny" until it goes away, only to reappear a few minutes later.

There are other issues... disappearing Safari extensions, periodic loss of iCloud support, etc., but that "please enter the password for your token-protected keychain" message is the worst. Any idea about how to smooth out those bumps? Thank you VERY much!!

How to remove all files after Agent uninstall.


Hi,

I am trying to remove all the installation files after the agent install on a test machine.

After running "/bin/sh /usr/share/centrifydc/bin/uninstall.sh", I still got the below:

    /etc/selinux/targeted/active/modules/400/centrify-krb5-2
    /etc/selinux/targeted/active/modules/400/centrifyda
    /etc/selinux/targeted/active/modules/400/centrifydc-2
    /etc/selinux/targeted/active/modules/400/centrify-krb5-2/cil
    /etc/selinux/targeted/active/modules/400/centrify-krb5-2/hll
    /etc/selinux/targeted/active/modules/400/centrify-krb5-2/lang_ext
    /etc/selinux/targeted/active/modules/400/centrifyda/cil
    /etc/selinux/targeted/active/modules/400/centrifyda/hll
    /etc/selinux/targeted/active/modules/400/centrifyda/lang_ext
    /etc/selinux/targeted/active/modules/400/centrifydc-2/cil
    /etc/selinux/targeted/active/modules/400/centrifydc-2/hll
    /etc/selinux/targeted/active/modules/400/centrifydc-2/lang_ext
    #/var/centrifydm
    /var/centrifydm/tmp
    /var/centrifydm/tmp/CentrifyInstall
    /var/centrifydm/tmp/adcheck-rhel5-x86_64.1010203237
    /var/centrifydm/tmp/centrify-suite-2018-rhel5-x86_64.tgz.1010203237
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDA-3.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-curl-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-ldapproxy-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-nis-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-openldap-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-openssh-7.6p1-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/CentrifyDC-openssl-5.5.0-rhel5.x86_64.rpm
    /var/centrifydm/tmp/CentrifyInstall/adcheck-rhel5-x86_64
    /var/centrifydm/tmp/CentrifyInstall/centrify-suite.cfg
    /var/centrifydm/tmp/CentrifyInstall/centrifydc-install.cfg
    /var/centrifydm/tmp/CentrifyInstall/install-express.sh
    /var/centrifydm/tmp/CentrifyInstall/install.sh
    /var/log/centrifydc-install.log

The ones marked in the tmp I believe I can just delete, but regarding SELinux, can I just delete them, or?

    semodule -r centrify
    libsemanage.semanage_direct_remove_key: Unable to remove module centrify at priority 400. (No such file or directory).
    semodule: Failed!

    semodule -r centrifydc
    libsemanage.semanage_direct_remove_key: Unable to remove module centrifydc at priority 400. (No such file or directory).
    semodule: Failed!

    semodule -r centrifyda
    libsemanage.semanage_direct_remove_key: Removing last centrifyda module (no other centrifyda module exists at another priority).

Remaining:

    /etc/selinux/targeted/active/modules/400/centrify-krb5-2
    /etc/selinux/targeted/active/modules/400/centrifydc-2
    /etc/selinux/targeted/active/modules/400/centrify-krb5-2/cil
    /etc/selinux/targeted/active/modules/400/centrify-krb5-2/hll
    /etc/selinux/targeted/active/modules/400/centrify-krb5-2/lang_ext
    /etc/selinux/targeted/active/modules/400/centrifydc-2/cil
    /etc/selinux/targeted/active/modules/400/centrifydc-2/hll
    /etc/selinux/targeted/active/modules/400/centrifydc-2/lang_ext

Where can I obtain PIV.tokend?


I had been using my VA PIV card for remote access until last year when it stopped working. I don't remember if it was due to changes made to the VA's remote access architecture or upgrades to my Mac OS. I didn't need remote access much back then, so I didn't put forth much time troubleshooting the problem. Now I could benefit from using remote access again, so I've started doing some troubleshooting.

When I examine the following folder, the contents are empty: System > Library > Security > tokend

It appears that I need the PIV.tokend file. I've reinstalled the Centrify drivers and verified that my Mac connects to my SCR3310 reader. Any idea how I can get the PIV.tokend file again? I assume I had it when I previously was able to use the VA's CAG.

DirectControl - need to obtain UID before provisioning


Hi all,

I have a situation where I need to know what the UID for a user is going to be, before they are actually provisioned in the zone.

I know DirectControl assigns a unique UID for a user.

Wondering if this UID value is deterministic.

Any help is appreciated.

Greg

Ubuntu 18.04 login issue


Hello,

I am not able to log in to Ubuntu 18.04 as an Active Directory user.

Ubuntu 18.04 successfully joined the AD of Windows Server 2008. I am able to log in via ssh to Ubuntu 18.04, but it fails in GDM3, i.e. I am not able to log in from the Ubuntu GUI.

centrifydc not a zone user in docker


I followed this document https://centrify.force.com/support/Article/KB-8928-How-to-set-up-Centrify-in-a-Docker-container/ and set up Centrify Express in my docker.

I can verify the user using both the "adinfo -v username" and "kinit username" commands. adinfo shows centrifydc mode is connected and the License feature is enabled.

However, when I tried the "adquery user username" command, it gave the message that the user is not a zone user in docker; the same command works in the host environment.

adinfo shows the same zone information on both host and docker.

What else did I miss?

The difference that I found is the host centrifydc version is 5.3.1 and the docker version is 5.5.0.

Thanks

Installation error saying Each SPN must be unique across the forest

Hi,

Trying to install Centrify 5.2.3-429 on Solaris 10, I'm getting the following error toward the end of the installation and the server cannot join the domain.

With an older version of Centrify, I had no problem on the same server to join the domain, etc.

    Accounts that contain same SPNs is:
    CN=dc4orapc5n4,CN=Computers,DC=mycompany,DC=priv

    Each SPN must be unique across the forest. Please make sure the SPNs listed above are unique across the forest before joining.

    Join to domain 'phx.mycompany.priv', zone 'Auto Zone' failed.
    join failed


    Error detected. More information may be found in the logfile
    (location is /var/log/centrifydc-install.log).
    Exiting ...

Any advice on what to do to fix the issue?

Thank you in advance!
