Quantcast
Channel: All Centrify Express posts
Viewing all 1833 articles
Browse latest View live

SSO Not Allowing any Sign-Ins

August 31, 2018, 11:49 am
$
0
0

Starting on August 11, 2018, our AD Connector stopped synchronizing users into Samanage.  When I logged in about a week later (after discovering the issue), I was prompted to change the password on our administrator account for the Centrify admin portal.  After doing so, I was able to log in.

 

I did some troubleshooting for a couple days, but was not able to get the connector running again.  After attempting to change to a different admin account (Samanage admin account vs. Centrify), we have now found that none of our users can authenticate against the Centrify SSO page, and must instead log in through the Samanage local login.

 

Centrify support has told me that our use of Centrify with Samanage was never supposed to be a long-term solution, but rather a 30-day trial, after which we were supposed to buy a support contract in order to use the full application and gain access to support.  However, our Samanage rep has said that, although support is limited to Community Support only, we should be able to use Centrify with Samanage on an ongoing basis for no cost.

Search

Re: Download links for Centrify Express?

August 31, 2018, 1:13 pm

Getting started with setting up Centrify Express - Questions

August 31, 2018, 2:16 pm
$
0
0

Looking at the PDF here, the very first step has me a bit confused.

 

"Run the setup program for Authentication & Privilege components on a Windows administrator’s workstation. The setup program simply copies the necessary files to the local Windows computer, so there are no special permissions required to run the setup program other than permission to install files. Follow the prompts displayed to select which components to install."

 

It is not clear what "Authentication & Privilege components" are or where I can locate them.  The downloads available on the express download page are the following:

 

Centrify DirectManage Express

Centrify DirectControl Express Agents

Centrify PuTTY

 

 The Community section of that same download page says that there are install videos in the Express forum (this forum,) but I don't see them anywhere.  They certainly aren't pinned to the top of the forum.

 

I did install DirectManage Express on a Windows machine, but when I point it to the Ubuntu machine I set up to test with, I click "analyze," it gives a quick progress bar and then provides zero indication that there was any kind of success or failure.  <sigh>

 

So, if videos exist, I'd be happy to watch it/them (I also checked YouTube,) or alternatively, I'd like to have my hand held for just a short while.

Re: iPhone apps

August 31, 2018, 11:29 pm
$
0
0

it was working smooth on my iPad Pro when it was running on ios 10 however as I have updated to ios 11.3 whenever now I am opening the app it only loads a blank screen on the start up and crashes after a while automatically. How do I fix it?

Re: Getting started with setting up Centrify Express - Questions

September 3, 2018, 1:51 am
$
0
0

Hi 

 

For Express envionment there is no need to install the Authentication and Privilege components Access Manager. 

 

We are sorry the guide you found from the Express documentation is not for Express version of Linux, we will contact our internal team to work on this link and point it to the correct document. 

 

https://docs.centrify.com/en/css/18.8/centrify-express-linux-agent-quickstart.pdf

 

Above is the Express for Linux and Unix quick start guide. 

 

As per the operation on Deployment Manager there is a History node to record all of the activities, right click on Analyze operation for this server and you will find the Trace details in it. The result will also tell you if it's success or not. Also the new added computer will be listed under the Computers node, there is a History node for specific server. 

 

Deployment Manager trace.PNG

 

We could transfer the discussion to the support ticket with email communication - If you would like to further troubleshoot the issue on DM with sensitive data captured. 

 

 

Thanks,

Amy

Re: SSO Not Allowing any Sign-Ins

September 3, 2018, 9:46 pm
$
0
0

Hi jacobtauer,

 

Welcome to Centrify Community!  I wonder if 'Re-register' the connector will help the issue. As you mentioned, you had to change the password of administrator account. Would you please go to connector panel (ProxyUI.exe) > Connector > Re-register > Enter the cloud admin account and see if this will fix? If it still failed, would you please send us connector log file? Usually it is under C:\Program Files\Centrify\Centrify Connector\ . FIles are log.txt, log.txt.1, log.txt.2. State the timestamp of the failure. Thank you.

 

Kind Regards,

Yeny

Re: Where is the adbindproxy.pl script download for Ubuntu located?

September 3, 2018, 11:57 pm
$
0
0

Hi Alan,


I just wanted to give an update that unfortuately this stopped working with.Suddenly authentication would fail, with permission denied errors, and then when restarting centrifydc-sama, it would fail with the following error: samba.adbindd2 winbindd is not running: no such file or directory

 

There was another problem as well, in that the script commented out some lines in /etc/pam.d/common-auth and password, that prevented ssh logins from working for domain users.

 

I'm afraid that I'm going to go back to using the vanilla tools, and lose out on the custom ID mapping Centrify had to offer. The toolset for Ubuntu seems to be broken.

 

Re: Failed to enroll your device. Timeout after 2 minutes

September 3, 2018, 11:59 pm
$
0
0

im facing some issue it was working smooth on myiPad Pro when it was running on ios 10 however as I have updated to ios 11.3 whenever now I am opening the app it only loads a blank screen on the start up and crashes after a while automatically. How do I fix it?

Search

Re: Where is the adbindproxy.pl script download for Ubuntu located?

September 4, 2018, 12:32 am
$
0
0

Hi Louis,

 

Thank you for sharing with us the update.

I wonder if there is any change on samba / configuration which may lead to sudden failure.

What is the samba version in use?

Is it a stock samba?

 

May I know if there is any chnce you could follow the steps below to collect us log files?

 

1. Login to the samba server and run where username is the Centrify user who is attempting access to the Samba server.

# adquery user -A <sambausername> > /tmp/adquery.txt
# smbclient -k -L <hostname> (this command will list Samba shares)

2. Using your favorite editor, edit the /etc/samba/smb.conf to include the following lines in the [globals] section as follows:

[globals]
...
log level = 10
log file = /var/log/samba/smb.log
max log size = 0

3. Run below command after saving the changes to verify any syntax errors in smb.conf:
# testparm

4. Restart Samba to get it to pick up the smb.conf changes right away by running:
# /etc/init.d/smb restart

5.  Turn on debug:
# /usr/share/centrifydc/bin/addebug on
# /usr/share/centrifydc/bin/addebug clear

6.  If Accessing the share from Unix, please go to step 7

For troubleshooting Samba issues from Windows,  you need a tool like Wireshark. If you do not have it, please download it from the below location:
http://www.wireshark.org/download.html
Note: Wireshark is NOT a Centrify tool.

Log out of Windows and login again or simply lock and unlock to get a new Kerberos ticket. Start a network capture using Wireshark. Attempt access to the share in question and let it fail and note down the username.

7. On client Unix machine, start capturing network trace using tcpdump:

Start the network trace:
For Linux machines: tcpdump -i <ETHERNET INTERFACE NAME> -s 0 -w <NAME FOR THE FILE>
Example:
    tcpdump -i <ETHERNET INTERFACE NAME> -s 0 -w /tmp/login.pcap
 
For Solaris machines: snoop -d  <ETHERNET INTERFACE NAME> -s 0 -o <NAME FOR THE FILE>
Example:
    snoop -d ge0 -s 0 -o /tmp/login.pcap
 
Let the affected user access the samba share to get the issue reproduced.
Once above is done, hit Control + C to stop the trace.


8. After the issue is reproduced, Go back to Samba server& Run the following command:
# adinfo -t

9. Turn off debug on Centrify-enabled Samba server:
# /usr/share/centrifydc/bin/addebug off

10. Send in the following by email or ftp:
a. /var/centrify/tmp/adinfo_support.tar.gz
b. tar of /var/log/samba/
c. /etc/samba/smb.conf
d. /tmp/adquery.txt
e. network trace from Windows. Save it with an extension of pcap.

11. Revert changes made above

 

Once the log files are collected, please kindly share with us by sending to communitysupport@centrify.com.

We are looking forward to hear from you.

 

Best Regards,

Alan Ho

Able to log in to terminal but not SSH

September 4, 2018, 1:32 pm
$
0
0

I've found several other posts about this but none of the solutions presented solved the issue for me.  The short version is that I have centrifydc installed on a RHEL 7.4 server and while I can log in with Active Directory credentials on the console, I am unable to do so with SSH.  This seems like it's a simple configuration problem with PAM, but I don't know enough about centrify (or PAM, for that matter) to know for sure.  Has anyone run into this before?

Re: SSO Not Allowing any Sign-Ins

September 5, 2018, 8:32 am
$
0
0

I'm getting a message that "The user name or password you provided is invalid, or the user is not authorized to register Connector."  However, this is the account we have always used to register the Connector.

 

I also cannot log in to the Cloud in order to confirm any account information because it will not accept any credentials I enter, whether Centrify-specific accounts or Active Directory accounts.

 

I can provide log files if you think they will be helpful, but a new log file has not been generated since 8/23/2018, likely because the connector cannot even register.

Re: Able to log in to terminal but not SSH

September 5, 2018, 9:25 am
$
0
0

On Debian distros, root is excluded from SSH by default.

 

Maybe you just need to allow the login account via the SSH config file?

 

At least, that's what it sounds like anyway.

Re: Getting started with setting up Centrify Express - Questions

September 5, 2018, 9:28 am
$
0
0

Thanks for the offer Amy.  I think that I'm OK now that I know that I'm not crazy and I'm not doing things wrong.

Getting a ERR_BAD_SSL_CLIENT_AUTH_CERT when accessing certain sites requiring EMAIL certificate

September 5, 2018, 10:25 am
$
0
0

Hi,

 

When trying to access a Navy website, I am receiving a ERR_BAD_SSL_CLIENT_AUTH_CERT error from Chrome. I'm only prompted to select one of my certificates, I get asked for a PIN, and then I get that error. If I use the same card in the same reader on the same MacBook Pro, but in a Windows VM, it works fine.

 

What am I potentially misconfiguring with Centrify that would cause it to fail? I disabled the High Sierra built-in reader. I installed and trusted all the root certs from militarycac.com, plus all the additional certificates. My CAC certificates are all listed as valid.

 

Any ideas?

Re: How to query the email of a user's manager from the Manger attribute in Active Directory?

September 5, 2018, 10:54 am
$
0
0

Is this still not possible ?

 

In my case, I am trying to leverage it through Zendesk. 

Search

CentrifyDC startup slow, Ubuntu 18.04

September 6, 2018, 10:47 am
$
0
0

Hi folks,

 

We are having problems with the startup of CentrifyDC Express 5.5.1-400, currently installed on our Ubuntu 18.04 systems.

 

When we power on the system, it takes about 30 seconds to startup the client "adclient" and then it appears Connected, occasionally it never starts the adclient and then it appears as Disconnected for a while.

 

We have tried with the latest version of Centrify Express: centrify-infrastructure-services-18.8-deb8-x86_64, and also with previous versions, and the problem persists.

 

Thanks.

 

 

Re: Getting a ERR_BAD_SSL_CLIENT_AUTH_CERT when accessing certain sites requiring EMAIL certificate

September 6, 2018, 8:07 pm
$
0
0

Hi ,


Welcome to Centrify Community!

 

According to the error message, I am suspecting this could be caused by the browser or the machine anti-virus, while all the certificates are stated valid on the machine.

 

Can you help check your AntiVirus / Firewall program, Eg. Avast, AVG or Bitdefender, make sure you have disabled any option like "Encrypted/SSL scanning or checking"

 

Hope it helps. Thank you!

 

BR,

Ivan

 

Re: Getting a ERR_BAD_SSL_CLIENT_AUTH_CERT when accessing certain sites requiring EMAIL certificate

September 7, 2018, 7:02 am
$
0
0

I disabled all AV and security software to confirm it was not the issue. 

 

It's the way the server ordered the CA certificates, apparently. Chrome strictly checked the order, where Safari and IE didn't care as much.

Re: SSO Not Allowing any Sign-Ins

September 7, 2018, 7:51 am
$
0
0
Are there any further updates or suggestions? Could Centrify support please reach out to get this resolved?

I was promised by Centrify support a few weeks ago that I would be contacted by a sales rep to at least get things set up as a 30-day eval to get us in and running temporarily, but have not heard anything.

Re: SSO Not Allowing any Sign-Ins

September 7, 2018, 8:56 am
$
0
0

,

 

If you're in an active evaluation, the very first step is to set up the evaluation objectives.  This is done in conjunction with a technical lead.  Once those are set, you should have been walked through all the use case configurations, and even helped with our without support to get these items completed.

 

What you describe is very unorthodox.  Please reply with the name of the technical lead and I'll personally contact them.

 

R.P

Viewing all 1833 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>