Apparently, my upgrading my MacMini from High Sierra to OSX "Mojave" has broken my Centrify A.D. connect and software compatibility.
Is there an updated version compatible with Mojave that anyone here might know of ?
Thanks.
↧
compatibility with OS X Mojave ?
↧
Re: compatibility with OS X Mojave ?
Welcome to the Centrify forums.
The upgrade path order typically is to update Centrify (we provided day-one support for Mojave) first, and then update the OS.
https://blog.centrify.com/centrify-ios-12-day-one-support/
The software should be available from the download Center.
R.P
↧
↧
Re: AD group issue with Centrify Express
I would be interested to know if you were able to resolve this. I have tried various things - end result is the group I am checking will eventually be missing on some servers and always present on others.
↧
Re: AD group issue with Centrify Express
We had support engage with a commercial customer that reported this. Stay tuned to this thread. If there's a bug in that version, we'll provide instructions to Express customers.
↧
Re: AD user account unable to log into machine
Otter, Nick !
I have installed last version of macOS - mojave and last version Centrify.
I tried to encrypt disk and as result I need to login via local user and then I have option to login via AD/Centrify user.
AD account has mobile attribute "Mobile" in User/Preferences but I don't see them on first list of users who needs to decrypt disk.
Can you assist me , please !
↧
↧
Re: "The app has encountered a network error"
This issue was long ago solved if am not wrong, but facing the same issue again with the latest update! Any fix yet?
Regards,
Smith
Regards,
Smith
↧
Re: "The app has encountered a network error"
Policy settings? I ran into this a long time as well and enabling invite based enrollment fixed it.
https://centrify.force.com/support/Article/KB-9610-Getting-Network-unavailable-error-when-a-User-is-trying-to-enroll-a-device-with-a-QR-code
https://centrify.force.com/support/Article/KB-9610-Getting-Network-unavailable-error-when-a-User-is-trying-to-enroll-a-device-with-a-QR-code
↧
Re: AD group issue with Centrify Express
For the other person who was seeing disappearing groups - were you able to resolve? if so, how?
↧
Re: AD group issue with Centrify Express
We haven't been able to get a response from the commercial customer that reported the issue so we can do a log analysis.
Can you do us a favor? (and help us help you at the same time)
Can you please private-message me (mail icon on the upper right) your contact info (email/phone number) and a support representative will contact you to capture some logs and get to the bottom of this.
Thanks in advance,
R.P
↧
↧
Re: AD group issue with Centrify Express
PM has been sent.
↧
Re: Centrify Express 5.4.3-887 can't SSH. Only on 1 out of 45 servers.
We did not hear from you since last syn-up.
As discsused with Fel this issue is weird as it is verifed during the debugging steps it only occurs when you start sshd through initd. If you start sshd manually then logon works. Our recommendation is to re-install SSHD.
Please let us know if issue persists after re-installation.
Thanks,
Amy
↧
Re: compatibility with OS X Mojave ?
The Centrify Express for Smart Card download site still only shows up to macOS 10.13 compatibility. If you download that installer, it won't install on 10.14.
↧
Re: Centrify Express 5.4.3-887 can't SSH. Only on 1 out of 45 servers.
I apologize Amy, since this seems specific to this very old system we have decided to replace it instead of spending any more time troubleshooting it.
We are going to clone another system and reconfigure.
Thanks for all your help.
Chuck
We are going to clone another system and reconfigure.
Thanks for all your help.
Chuck
↧
↧
Re: iCloud Backup still disabled after enabling in GPO
Usually, due to insufficient iCloud storage, unstable Internet connection, insufficient iOS system or hardware problems, iCloud backup does not work properly. Correspondingly, you can check storage space, network connections, iCloud and iOS version updates, reset all settings, and more. If you don't know what to do, you can refer to this article:https://www.fonecope.com/fix-icloud-backup-not-working.html
↧
Unable to login with CAC on MAC HIGH SIERRA 10.13.6
Hi,
I am unable to login to the sites I need via my card reader. I have tried on both Chrome and Safari. The military login site gives an error of "No Client Certificate presented".
I have removed the built-in CAC enabler for High Sierra as suggested on another website, so only Centrify remains (or at least I think I have).
First, I noticed on the Diagnostics instructions that it says to open Keychain and make sure the smart card reader is there. I don't see the smart card reader in there anywhere, but the status on Centrify does say "Authentication Attempts Remaining: 3". Is there something I need to do to get it into Keychain? Or perhaps I'm not looking for the right thing in Keychain.
Any help is greatly appreciated!
I ran diagnositcs and here is my log:
Smart card: THOMPSON.ROBERT.EARON.116531080
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
** This certificate has no NT Principal Name
** This certificate has not been mapped to any user
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41
Not valid before: Mon Nov 11 09 16:13:56 2015 UTC
Not valid after: Tue Nov 11 09 16:13:56 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41 not found
** This certificate cannot be used for pkinit
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
Email Address: robert.e.thompson202.mil@mail.mil
NT Principal Name: 1165310809@mil
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
Not valid before: Mon Nov 11 09 16:05:27 2015 UTC
Not valid after: Tue Nov 11 09 16:05:27 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41 not found
This certificate can be used for pkinit, testing:
** Data signing failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Signature verification failed: Unknown PKCS#1 padding type 0x1d
Public key encryption succeeded
** Private key decryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Private key encryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Public key decryption failed: Unknown PKCS#1 padding type 0xad
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
Email Address: robert.e.thompson202.mil@mail.mil
** This certificate has no NT Principal Name
** This certificate has not been mapped to any user
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.39,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
Not valid before: Mon Nov 11 09 16:05:27 2015 UTC
Not valid after: Tue Nov 11 09 16:05:27 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41 not found
** This certificate cannot be used for pkinit
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
NT Principal Name: 1165310809121004@mil
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41
Not valid before: Mon Nov 11 09 16:13:56 2015 UTC
Not valid after: Tue Nov 11 09 16:13:56 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41 not found
This certificate can be used for pkinit, testing:
** Data signing failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Signature verification failed: Unknown PKCS#1 padding type 0xc3
Public key encryption succeeded
** Private key decryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Private key encryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Public key decryption failed: Unknown PKCS#1 padding type 0xc3
↧
Re: Unable to login with CAC on MAC HIGH SIERRA 10.13.6
Hello and welcome to the community!
Sorry to hear you are running into issues with your Smart Card. As I understand it, it looks like this is a new setup. If not, let me know what has changed (was the OS upgraded?, ...).
I would suggest following this KB article. Step #2 has a screenshot showing you what it should look like in the keychain:
KB-1617: Troubleshooting smart card issues on Mac systems: https://centrify.force.com/support/Article/KB-1617-Troubleshooting-smart-card-issues-on-Mac-systems
I hope this helps,
Andrea
↧
Re: Deployment Error: Adding computer object into Windows AD
The server appears in the list but you can't click on the + and expand it out to see what it contains.
Check in your server list that can actually see the server. Also keep in mind that this software needs access to the admin port, not the normal web one, although it looks like your tunnel is correct for that.
You also need to turn on remote administration and set up the username and password etc. Try pointing a web browser to your localhost 6122 and check you can log in to the admin panel if that does not work try the blog of
Error code 0xc00000e9 that may help you.
↧
↧
Re: Deployment Error: Adding computer object into Windows AD
If you satisfied with that try to visit with Error code 0xc00000e9
↧
Re: Deployment Error: Adding computer object into Windows AD
Please don’t piggy-back on a closed thread from 2010.
Open a new thread.
Don’t forget to add operating system, version, etc.
R.P
**This thread won’t receive new responses**
↧
Default color settings to b/w from Windows Print server
In Windows Server Print Management on our print server we've changed default color to black/white, under Set Printing Defaults . But it doesn't sync/propagate to the Macs, even though all Windows devices behave properly. How do we solve this? I've tried to browse the World Wide Web now for a while without finding anything.
In short,
We want all users to have b/w as default color setting, but be able to change it when they need to print in color.
Thanks,
We use CentrifyDC 5.5.1
↧