Quantcast
Channel: All Centrify Express posts
Viewing all 1833 articles
Browse latest View live

Re: Samba Share - Write Access for certain domain users, read access for other domain users

May 23, 2017, 8:49 am
$
0
0

: - Thanks, sorry for the late reply..

 

Yes, this pointed me in the right direction, I just could'nt get the right combo of settings.

 

My file permissions are set as follows which just allows read permission for all other users.

Everyone now has read file permissions. The share then stipulates for a domain user in the write list

 

drwxrwsr-x+  12 user share            4096 May 23 16:40 share

 

smb.conf

==============

[test-share]

    path = /test-share

    public = yes

    read only = yes

    browseable = yes

    write list = +DOMAIN\WRITEGROUP

 

Thanks for your help, banging my head off the table a while back with this one.

 

Much appreciated.

 

Search

SAML 2.0 SSO for Redmine 3.2.6

May 24, 2017, 9:03 am
$
0
0

Hello all, 

 

I am a brand new user for Centrify.  I have joined because I am searching for a method to integrate SAML SSO solution for my Redmine implementation.  Accordign to the instructions I have found I would need to login to the dashboard and download the required certificate.  The problem is, I cannot find the dashboard.  I don't know if that is because my new account is limited or because I am overlooking it somehow.  I just want to know if I can make this work using Centrify as my Identity Provider.

 

I have the OmniAuth SAML plugin installed.

 

  • Redmine requirements for SSO Before you configure the Redmine web application for SSO, you need the following: 
  • An active Redmine account with administrator rights for your organization. 
  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.
  •  Redmine OmniAuth SAML plugin. For more information see:

Re: SAML 2.0 SSO for Redmine 3.2.6

May 24, 2017, 9:25 am
$
0
0

I have my answer.  I do not have an admin account as of yet.  I have applied for it, but it has not yet been completed.  I will just wait until then and see if I get further.  If not, I will update this thread.

Re: SAML 2.0 SSO for Redmine 3.2.6

May 24, 2017, 9:44 am
$
0
0

Hello  and welcome to the Centrify community!

 

We actually have this app, pre-configured in our catalog. Once you receive your Admin account, you can then browse to Apps>>Add Web Apps and search for RedMine to begin.

 

Here are the step by step instructions to help you out. Please let us know if you run into any issues.

 

https://docs.centrify.com/en/centrify/appref/cloudhelp/o-z/saas_appref_redmine.html#

 

I also recommend running through the tutorial to get a feel for the Admin portal and to help identify some next steps.

 

Have a great day!

 

Ryan V. 

Is Centrify affected by SambaCry?

May 25, 2017, 9:58 am
$
0
0

Hi, 

 

Just want to confirm if Centrify is affected by SambaCry.

We have a few hundred RHEL machines with some Samba stand-alone installed on it but not enabled. We are planning to uninstall Samba altogether. My concern are the following:

 

1. Wil Centrify be affected by uninstalling Samba in the machines

2. Is Centrify affected by SambaCry

3. If yes, do we have any patch?

 

I hope you can direct to the resources here. Thanks in advance

Re: Is Centrify affected by SambaCry?

May 25, 2017, 11:09 am

Re: Is Centrify affected by SambaCry?

May 25, 2017, 11:18 am
$
0
0
problem is, im still waiting for my contact update. my previous sys ad left our company and I dont have access to my account.

Re: Is Centrify affected by SambaCry?

May 26, 2017, 12:47 pm
$
0
0

Question:
What are Centrify's recommendations in regards to Samba security alert - CVE-2017-7494​ (SambaCry)?

Answer:
With regards to CVE-2017-7494, Centrify is no longer shipping Samba, only the adbindproxy package to interoperate Centrify with Samba. Please follow Samba's recommendations for this security alert.

Here are the latest release notes for adbindproxy. Specifically, it highlights our recommendation with regards to Samba:

 

Centrify ADBindProxy is a proxy agent package that seamlessly integrates the DirectControl agent in Centrify Server Suite with open source Samba (referred to as stock Samba in this document), enabling the two products to share Active Directory user and group membership and to agree upon Unix identity attributes for Active Directory users. It is a proxy that passes identity management requests from Samba to DirectControl.

This Centrify ADBindProxy release supports stock Samba version 4.x. You are strongly advised to apply the latest security patches from Samba first before deploying Centrify ADBindProxy.


Regards,

 

Search

Re: Is Centrify affected by SambaCry?

May 29, 2017, 2:06 am
$
0
0

Hi Robertson,

 

sorry, but there is still nothing about this problem on the Product Security Page, and no mail about this has been sent to people like me who have subscirbed to the mail support notices...

 

Re: Is Centrify affected by SambaCry?

May 30, 2017, 6:57 am
$
0
0

Hello,

 

As the previous post described, Centrify is not affected by SambaCry as Centrify doesn't ship Samba.  Centrify ships a solution called ADBindProxy to integrate the OS/Open Source version of Samba with Centrify.  

 

The latest release of Centrify ADBindProxy supports stock Samba version 4.x. Centrify strongly recommends customers to apply the latest security patches from Samba first before deploying Centrify ADBindProxy.

 

Centrify has published KB-8772: Centrify Recommendations for Samba security alert - CVE-2017-7494 (SambaCry).

 

Regards,

 

Re: "Kerberos FAST is not currently supported" error when attempting to join domain

May 31, 2017, 9:28 am
$
0
0

Is there any update on this?  I'm getting the same error with centrify-suite-2017.  I tried the express install first and then I tried the enterprise install but I get the same error message.

Re: "Kerberos FAST is not currently supported" error when attempting to join domain

May 31, 2017, 6:07 pm
$
0
0

,

 

Welcome to the forums.

Please start a new thread.  Let us know the OS and Version, Version of Centrify DirectControl and the masked output of adjoin.

 

Please note that FAST is supported since 5.4 (2017)

 

R.P

How do you access the Centrify Keychain in Mac after inserting the smart card?

June 1, 2017, 6:27 am
$
0
0

After installing the Centrify Smart Card Assistant, it insert my smart card but the cert goes into a different keychain in the Apple keystore... I was using Java to access my Apple Keystore but none of the certificates installed by the Smart Card Assistant were accessible by Java.

Re: How do you access the Centrify Keychain in Mac after inserting the smart card?

June 2, 2017, 1:28 am
$
0
0

Hi ,

 

The PIV-<> keychain is a PIN-protected keychain which secures the use of smartcard credential. Because of this, the keystore is not able to retrieve it unless it is unlocked. It will be similar to get certificates from system keychain as it is allowed only for users with admin privilege.

 

You can go to the idea exchange to raise the idea so we will understand the need for this kind of use case: http://community.centrify.com/t5/Centrify-Idea-Exchange/idb-p/Centrify-Idea-Exchange

 

Also, you may want to take a look at derived credential feature in Centrify SaaS product which should be doing the same you wished: https://docs.centrify.com/en/centrify/adminref/index.html?version=1495753737#page/cloudhelp%2FderivedCreds.html

 

Best Regards,

Albert

Re: How do you access the Centrify Keychain in Mac after inserting the smart card?

June 2, 2017, 6:06 am
$
0
0
I have unlocked the keychain, and I am still unable to access the credentials programatically.

I also cannot access the link you posted for "Idea Exchange" it says "You do not have sufficient privileges for this resource or its parent to perform this action."
Search

Re: How do you access the Centrify Keychain in Mac after inserting the smart card?

June 2, 2017, 6:43 am
$
0
0

Actually, upon further inspection, it looks like you guys installed the certificate in the wrong Category.

In Mac, when you click on any keychain, there is a section call Category right under the keychain... 

 

They are the following:

  • All Items
  • Passwords
  • Secure Notes
  • My Certificates
  • Keys
  • Certificates

The important thing here is My Certificates, none of the certs installed by Centrify shows up there at all, they just showed up under Certificates. This would explains why the credentials aren't accessible. 

Re: find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify

June 5, 2017, 2:44 am

Re: How do you access the Centrify Keychain in Mac after inserting the smart card?

June 5, 2017, 4:40 am
$
0
0

Hi ,

 

Thank you for getting back to us. 

 

 

In regarding the my certificate category, the issue is about the certificate itself. Please check the below to make sure it is in correct format:

 

https://superuser.com/questions/936840/add-to-my-certificates-in-keychain-access-mac-os-10-10

 

Also, all keychains will have the same categories and this is by Apple's design. We are introducing a PIN-protected keychain and it will also have the categores like "My Certificates".

 

Moreover, in regarding acessing the protected keychain with the PIN unlock, you will need to use the application itself to unlock it rather than the user who logged in. 

 

We will also file the request for enhancement of this case to our PM and will keep you posted. Thanks.

 

Regards,
Albert

Re: AD group is not synced to O365

June 5, 2017, 12:08 pm
$
0
0

i am also facing issue, Please suggest, what can be done to sync the group.

few members which are removed from AD, are still reflected in cloud AD group

 

Thanks,

NG

Re: AD group is not synced to O365

June 6, 2017, 12:27 am
$
0
0

Hi NG,

 

 

I do not use AD groups now. I sync individual users. I will definitely check it later again. Adding Users straight from the Admin Portal is of course serving it's purpose but using an AD Group will greatly simplify management.

 

> few members which are removed from AD, are still reflected in cloud AD group

 

Hmm, if I understand correctly your description... this sounds like different issue. Please make sure your Cloud connector service has sufficient privileges on AD "Deleted objects container". So Cloud connector service can see deleted AD users and remove them from cloud also. 

 

Or you can use powershell to remove those unwanted users manually. Please find more details in post below (by Nick / Drmikan).

 

http://community.centrify.com/t5/Centrify-Express/unwanted-Active-Directory-users-synchronized-to-Office-365/m-p/23516#M9488

 

 

Best regards,

UniSys

 

Viewing all 1833 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>