Quantcast
Channel: All Centrify Express posts
Viewing all 1833 articles
Browse latest View live

Re: Certificate to IOS for RADIUS Wi-Fi

$
0
0

The policy options in the admin portal under Core Services --> Polices are much more current than what I see when I open the local Group Policy editor on my Windows Server running the Centrify Connector. For example;

 

The VPN option in the Group Policy Editor only has PPTP, IPSec and 3rd Party VPN

The VPN option in the In the Admin Portal has PPTP, IPSec and 3rd Party VPN, as well as IKEv2 and L2TP

 

The Report Mobile Device Location restriction setting in the Group Policy Editor does not have the Opt In / Force options that are found in the Admin Portal.

 

There is no Certificate Profiles section in the Group Policy Editor.

 

 

As far as I kow I have the most current version of the connector, but now I am begining to wonder if there is a new version of that or an update to the group policy template that I am missing, do these differences sound normal? If so then it would seem that there are considerable differences between the polices available in the admin protal versus the local Group Policy Editor

 


Re: Admin Portal - Compliance Status and No Location Information Available

$
0
0

I have no OS X systems, only IOS, no one has opted out of GPS. I switched to the polices used in the Admin portal rather than the local Group Policy Editor and location started working so it wold seem that perhaps I dont have the latest options in my local Group Policy Editor, although I thought I did. If my assumption is correct do you know where I cna get the updated Group Policy Template I'd rather nto use the Certrify Directory Policy Service if I can avoid it.

Re: Admin Portal - Compliance Status and No Location Information Available

$
0
0

Without additional information, it would be difficult to attribute the issue to the policy delivery method.

 

That being said, to update the mobile tools:

 

  1. In your management station, run Centrify connector setup 
  2. In the Custom Setup page, make sure the Centrify for Mobile Tools > Group Policy Console extension is selected. 
    (You don't need the Connector or ADUC extension).
  3. When you complete setup, your GP Editor will have the ability to edit Identity Service mobile policies.

    Note: Do this every time there's a new release (typically monthly).

test.png

 

 

Problem with samba on Solaris 10 using CentrifyDC-adbindproxy

$
0
0

Samba script adbindproxy.pl fails to accept input on Solaris 10 samba server. No matter what you enter, it uses some default that are not correct for this os.

The os build if fresh with no previous samba

Samba is native from Solaris Version 4.4.14-CVE-2017-11103 fixed

solaris is Oracle Solaris 10 1/13 s10s_u11wos_24a SPARC

centrifydc-5.3.0-sol9-sparc (works on all my solaris 10 systems to join and authenticate via ad)

centrifydc-adbindproxy-5.3.0-sol10-sparc

I'm guessing I need a Solaris 10 centrifydc, but the one provided me will not install correctly.

It is looking for;

CentrifyDC-openssl

CentrifyDC-openldap

CentrifyDC-curl

 

Thanks for any help

Bill

 

Centrify Connector - Mobile Tools only

$
0
0

Hello,

 

I'm already running 2 Cloud Connectors but I want to have the AD and Group Policy tools available on a management station so I installed just the mobile tools from the Centrify Connector installer. That worked, however now I am gettign an error on the management station. I think the issue is that the connector is trying to run a periodic update check, but since only the mobile tools are installed the update is failing. below is a snippet formthe failure log.

 

"...

 

Cloud Management Suite [Version: 17.8.164.0] Logging at 10/4/2017 11:17:46 AM

 OS Version: Microsoft Windows NT 6.3.9600.0
 CLR Version: 4.0.30319.42000
 Mode: 64
 OS Language: English (United States)
 UI Language: English (United States)
 User Domain: ************
 Username: **********

Check and download update from

 Update version:
 Size:
 Published:

An error occurs when checking the update:

 Centrify.Cloud.Core.ProxyScpNotFoundException: Connector location object is not found.
    at Centrify.Cloud.Core.InternalProxyClient.<GetProxyUris>d__15.MoveNext()
    at Centrify.Cloud.Core.InternalProxyClient.RunChannelAction[T](String impersonatedUser, IEnumerable`1 proxyInfos, Func`2 actionFunc)
    at Centrify.Cloud.Core.InternalProxyClient.ExecuteCall[T](String proxyid, Func`2 action, WindowsIdentity impersonate, Boolean localProxy)
    at Centrify.Cloud.Core.ProxyLib.AutoUpdater.<GetUpdateLocationFromProxy>b__b()
    at Centrify.Cloud.Core.ProxyLib.AutoUpdater.GetUpdateLocation(Func`1 getUpdateLocation)
    at Centrify.Cloud.Core.ProxyLib.AutoUpdater.InstallerUpdateStrategyBase.GetUri(String relativeUri)
    at System.Threading.Tasks.Task`1.InnerInvoke()
    at System.Threading.Tasks.Task.Execute()
 --- End of stack trace from previous location where exception was thrown ---

 

..."

 

 

 

So my questions are:

 

Can I disable this update check so that I dont get an error?

 

or

 

Can I run the full installation without using the management station as an additional connector

 

or

 

Can I get the mobile tools and Group policy templates on a management station without installing the COnnector on that station?

Re: Admin Portal - Compliance Status and No Location Information Available

$
0
0

I ran the update and it appears to have corrected the issue, thanks very much for your help!

Re: Centrify Connector - Mobile Tools only

$
0
0

The more I look at this the more it seems that I have to have the connector wherever I have the mobile tools installed. There are other errors popping up, for example in AD whne I try to populate the mobile device properties. I get a similar error when I try and work in the GPO anywhere a password wold be set. Am I correct in assuming I cannot have a management station running just the mobile tools and not the connector?

Re: Problem with samba on Solaris 10 using CentrifyDC-adbindproxy

$
0
0

Hello Bill,

 

Welcome to Centrify Community.

 

The three packages mentioned should be installed together with CentrifyDC (5.3.0), could you verify from:

 

pkginfo | grep -i centrify?

 

Have you installed the CentrifyDC from install.sh?

 

 

A side note that for the version of Samba  (4.4) we would suggest to use newer version of CentrifyDC and adbindproxy (5.4.0)

 

centrify-suite-2017-sol10-sparc.tgz
centrify-adbindproxy-5.4.0-sol10-sparc.tgz

 

However adbindproxy is not offered in Express version.  May I know if you are Express customer purely or you have licensed account which allow you to download the software? 

 

Regards,

Alan


Re: AD Joined Computer via Centrify -- auth errors (0xc000006a) once a minute

$
0
0

Thanks for the reply.  It is in connected mode.  I tried the command you said, and this is what I got in response: 

Unneeded parameter(s): 'Computer Account Credentials'.  Please remove them and try again.

 

I tried without -m, and it reset, but I am still getting the emails.

 

Very slow ssh login

$
0
0

Good afternoon, we're testing Centrify Express 5.4.0 with RH 7.3 to access with AD domain.

 

The first access with AD user takes very long time to ask for password; or even it fails with error 'connection closed'.

The next access with same user is ok; it asks for password very quickly.

The first access after adflush command, turns very slow.

 

In sshd_conf:

- Deactivated GSSAPI options

- Use DNS no.

- AllowGroups , limit to 2 groups , admins (with 10 users), others (with 400 users in AD)

 

In centrify.conf :

- We've limited the AD to query to only one server

dns.dc.mydomain: myserver.domain

- We added this lines as we have saw some similar issues in Centrify Community

adclient.version2.compatible: false
adclient.zone.group.count:10000

 

Has this version of Centrify Express 5.4.0  the same slow response to first logon as it's explained on this question:

https://community.centrify.com/t5/Centrify-Express/Slow-login/td-p/4572

 

 

Thanks in advance

Re: Very slow ssh login

$
0
0

,

 

Welcome to the Centrify forums.

 

Provided that your AD environment is healthy, you're using the correct version (for express users should be 5.4.2), you should not experience lag (unless you're talking about a very large AD infrastructure -that's what the licensed version is for-).

 

If I was you I would:

 

  1. Leave AD (using adleave)
  2. Make sure I'm running  5.4.2  (yum update CentrifyDC or yum install [rpm file]
  3. Undo all the changes you made to the centrifydc.conf and sshd configuration file.
  4. Join AD again and wait until the cache is built
  5. Try to login again and measure.

 

The post you referenced is not relevant  (it is from 2012!  product has changed too much since).

 

I would start there.

 

Note that if you're in an enterprise environment you should be using the licensed version (for very clear reasons).

 

R.P

 

 

Re: AD Joined Computer via Centrify -- auth errors (0xc000006a) once a minute

$
0
0

Keep investigating.  This is a single system.

 

I would set addebug on keep it on until I get the alarm;  once I get it, I'd look at the log for the exact time.

 

This may be an end user attempt too.  Also, please make sure you're using 5.4.2 if this is Express.

 

R.P

Re: user can't write to windows share from windows, can from UNIX

$
0
0

Hi,

i am currently using Centrify Enterprise edition.  can you share the solution to this issue?

 

thanks,

james

Re: user can't write to windows share from windows, can from UNIX

$
0
0

,

 

Can you please start a new thread?

 

This is unrelated, and from 2011.

 

Make sure you outline why you think this may be related to Centrify, what OS version, What version of CDC and CDA and if you troubleshoot the NTFS and Share portions.

 

R.P

 

Re: How to Add Active Directory (AD) Domain Account to Sudo

$
0
0

i've got a few ubuntu servers that have been added to our domain using centrify express (as far as i can tell)

 

in their sudoers file there is no entry for the AD group that grants sudo permissions, yet user who are members of the group do have sudo permissions?? is there any other place that these permissions are created by centrify?


Database

$
0
0

Hi,

 

Our database was full and we have increased the space. How do we create new databse?

 

Let me know please.

 

Thanks

Isoa

Key chain not updating

$
0
0

Hoping someone can help, we have a dozen machines using Centrify and it's been great but now one brand new Mac is giving us a world of trouble.

 

The users local account has been linked to AD with centrify and on login they are prompted to update their keychain password as expected however, clicking "update password" is not triggering the password dialog box to appear and is behaving as if the user has selected "continue" effectivly breaking keychain access.

 

We've tried setting it all up again from scratch (deleting the users profile and creating a new one) but the same issue occurs each time and will presumably occur every time they update their AD password as the ability to update keychain's appears to be broken. Again this works perfectly fine on other macs running sierra.

 

Anyone have any suggestions?

Re: Key chain not updating

$
0
0

Hello ,

 

Welcome to Centrify Community!


The Keychain Access app can be used to re-sync the login keychain with the user's current AD password. If the password for the login keychain is not known, it may be necessary to delete the existing login keychain and create a new one, though this will delete all existing app passwords that were associated with the user's account.

 

As a test, may we know if you are open to removing the existing login keychain and update the password on AD again to see if the issue still persist?

 

Please keep us posted with any update or result. Thank you!

 

BR,

Ivan

Re: Database

$
0
0

 

Hi  Isoa,

 

Welcome to Centrify forums!

 

Could you please let us know which product are you working on? Is it about the Centrify Auditing and Monitoring service (known as Cnetrify DirectAudit in old versions)? Are you talking about the full Audit Store database attached to the DA installation? Are you looking for a way to replace the current active database? 

 

We will need more information to understand the question and provide corresponding answer then. 

 

Thanks,

Amy

Add certificate - RPC error

$
0
0

In AWS I have a AD DS, AD CS and one linux machine which I joined to the AD:

 

Local host name: ip-172-31-23-93
Joined to domain: tfbic.net
Joined as: ip-172-31-23-93.tfbic.net
Pre-win2K name: ip-172-31-23-93
Current DC: win-fam47drkcg3.tfbic.net
Preferred site: Default-First-Site-Name
Zone: Auto Zone
Last password set: 2017-10-21 08:41:56 UTC
CentrifyDC mode: connected
Licensed Features: Enabled

 

In AD CA I have a Enteprise CA, where I created a duplicate of Computer certiicate and then created a template.

The tempalte allows auto enrollment.

 

I am trying to issue a new certificate for my linux machine but get an RPC error without any details:

 

/usr/share/centrifydc/sbin/adcert -e -n TFBIC-EC2AMAZ-UISHUC6-CA -s EC2AMAZ-UISHUC6.TFBIC.NET -t Centrify

Error while issuing a certificate for Centrify: RPC error occurred during operation.

 

Any ideas where I should look for the possible problems?

Thanks!

 

Viewing all 1833 articles
Browse latest View live