After following the instructions online I am still unable to get my cac card to work. I was using Smart Card Assistant with no issues on 2 different Macs and after the 10.11.6 update niether computer works with my cac reader. Please someone help.
[Admin Edit: Personal contact information removed to protect your privacy]
Hi Robertson,
Iv'e just downloaded what was availavle for Ubuntu in the download page.
Rafi
Hi,
I'me stil struggling with this issue.
Can anyone suggest a way to debug this?
When I use sso with ssh, PUTTY takes the user name and some form of user credentials from my Windows station and pass it to the ssh daemon on the Linux server.
When I use RDP the process that first responds is xrdp. It promts for user name and password and then call xrdp-sesman to authenticate the user. I suspect that xrdp pass the user name and the (missing) password from the prompt and not the Windows credentials.
I had the opportunity to play with this setup for a few minutes this morning.
** Disclaimer: I am not an Ubuntu, xrdp, gnome, kde expert (however, I'm quite curious).
Basically what I did was to follow the steps outlined on this youtube video. I got it working to the point that I can successfully log in. My desktop won't start, but I figured that I should only try to make authentication work.
Here's the information about the system:
The xrdp-sesman PAM config files includes common-auth, just like you have it outlined.
After installing and rebooting, I first tested with a local user and all was fine. Then I tested with an AD user. Here is the sequence:
1. From my RDP session on my Windows system, I typed in the username/password for the AD user in question (dwirth)
note that this user is not in /etc/passwd, it is an AD user (see adquery user above)
2. Then this window pops-up, and provides a sequence on the back-end:
3. I assume that if my system was configured correctly (which I didn't) the gnome, kde or any other desktop would have been launched correctly. I just get the cursor to play with and a grey/black screen.
Note: This setup needs the vncserver to run, so you also have to make sure that you have it working with PAM as well as your chosen desktop.
I can confirm that as xrdp-sesman goes, all is well with Centrify by looking at the auth.log:
There you have it.
Since there's no bug, I suggest that you tail subscribe to the /var/log/auth.log and look at the sequences.
R.P
Hello
It sounds like you may need to update the driver to ensure the reader is compatible with the build of OSX you have.
This site is a great resource for this.
https://militarycac.com/macnotes.htm#see_the_reade
If you update the driver, and the smartcard is still not working as expected, please try to follow these general steps and let us know if you still see issues once complete.
Centrify Express Smartcard Troubleshooting
I hope this helps get you working again.
Have a great day!
Ryan V.
Hi Robertson,
I have already installed cloud connector for domain1.local. If I try to click "Add cloud connector" again, it always shows "Add cloud connector" screen with "DOWNLOAD", "INSTALL" and "REGISTER" options.
How can we add cloud connector for other domain (domain2.local). Do we have to setup another certificate?
Thanks for your help in advance.
Regards,
Ganesan
Dear Centrify experts,
I would like to let Centrify do sync and SSO for me. And I also want to manage licenses with O365 portal. Is it possible?
Best regards,
Nikolay
Adding another cloud connector in that forest, should be as simple as downloading and installing the cloud connector via wizard on a properly sized 64-bit Windows server that is a member of that forest.
I am not sure what Certificate you're talking about; please be specific?
All certs are provided to you (publicly rooted) unless you choose to use your on Certification Authorithy.
Yes you can, absolutely!
The commercial versions provide support for O365 provisioning that includes license management:
You can leverage CIS roles and AD Security groups to provision the proper license type:
R.P
Thanks for your explanation.
Do you mean setting up another member server (in forest2) having Centrify Cloud Connector alone?
Don't we have to configure anything in the Cloud Manager or setup another Centrify server like what we did for forest 1?
Do you mean setting up another member server (in forest2) having Centrify Cloud Connector alone?
Please understand that there's a design decision to be made first. I am not sure you understood my original reply.
Will forest1 adn forest2 ever have a two-way trust relationship?
Let me illustrate an example from one of my demo environments.
I have a local forest running in one of my virtual environments called centrifyimage.vms; but I also have another forest in AWS called corp.centrifying.net. Sometimes I need to provide demos outlining exactly what you just inquired about. Here's a diagram:
So what I did, was to add Cloud Connectors on member servers on both forests:
Now when I need to pick users or groups, I can do it from both disjointed forests:
For example, if I want to invite a user, notice that I can pick from the different forests.
This is a very powerful capability that allows Centrify Identity Service and Privilege service to bridge and provide SSO, Application and Privilege (vaulting, session, etc) to organizations that may have different forests with no relationship.
I hope this helps.
R.P
The two forests *DO NOT* and *CANNOT* have a trust relationship with each other. I will setup a new Cloud Connector in a member server of forest and let you know how it goes.
Thanks for your help.
Robertson, thanks for explanation and screenshot.
I can see similar "License Summary" in my Centrify Cloud Manager - Apps - Office 365. I try to provision Dynamics CRM PRO and Lite licenses there. But it does not work, users do not get Dynamics CRM licenses in O365 portal.
Any idea why?
Dear Centrify Experts,
I have just got my new pack of E3 licenses. Provisioning worked fine, as admin I can see all users got licenses on O365 portal. But I cannot login to O365 portal with any of those users. I also cannot activate freshly installed O365.... I got the following error message:
Unable to Launch Application
I am not sure this is a Centrify-related question.
You should see the licenses that you are entitled to. If you have a MS CRM Subscripton tied to your tenant, you should see it. Otherwise check with Microsoft.
We have another app in the catalog that provides federation for MS Dynamics CRM.
Hello
To add to info provided by
If you are not seeing the license for DynamicsCRM in the list of licenses, you will need to open a case with Microsoft to have this added to your subscription.
I think if you are seeing it listed with available licenses and properly mapped to Users using Role Mappings, however Users are not receiving them, then it will probably best to open a case with Techincal Support.
I hope this helps!
Have a great day!
Ryan V.
Hi Unisys,
Unable to Launch Application You do not have access to this application or the application has been removed.
In the O365 App in Cloud Manager, make sure under "User Access" the application is deployed to a role that the user(s) is a part of.
It sounds like the user is trying to access O365 via SP-Initated login, but after they log into the Centrify portal, they do not have rights to access the application, so the app launch gives the above error.
-Nick
Nick, thank you! Indeed, I have to select E3 role "User Access" so it can access O365 app.
This is the fix! Thank you!
Ryan, thanks for all the ideas. It looks like I forgot to select DynamicsCRM role under "User Access" to let it access the app. Apparently this checkbox fixes my issue. More details here:
Robertson, you mention another app in the catalog that provides federation for MS Dynamics CRM. There are three apps listed: MS Dynamics CRM (WS-Fed), MS Dynamics CRM Live and MS Dynamics CRM onMicrosoft. I try MS Dynamics CRM (WS-Fed) but I cannot find Provisioning / Role mapping settings for this app. Should I use another app?
So I use Office 365 app now for both O365 E3 / E4 and Dynamics CRM. Should I leave it this way? Or is there a better way?
