Kerberos / admin accounts / O365
Hello(This is not a Centrify-specific issue, but I hope you may be able to point me in the right direction).We bind our Macs to AD using the Apple AD plugin, and all our staff and students login using...
View ArticleClik here to view.
Re: Kerberos / admin accounts / O365
, The reason for what you described is that when the admin types in their username/password, the OS stack is also obtaining a Kerberos TGT, that is reused by the browser and translated by your...
View ArticleAD ID Unable to login - PAM: User account has expired
CentrifyDC Express on SLES 11 Level 3 - We have one client who is unable to login to this server. Other clients are able to login fine. adquery returns good info for this client and then are able to...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
What is the version of CentrifyDC? Please wait until we indicate to send support files. Can you please remove from the post? Ideally you would also check if the account is disabled or if there are no...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
First and foremost, if you're a commercial customer, you are entitled to Standard or Premium support based on your contract status. If this is a critical system, please use the "contact us" link to...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
Thanks, it looks like the file was removed already.CentrifyDC 5.1.2-378 It looks like this client has not logged in to this server since May of 2015. They are able to login to other servers and other...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
Yes have do have support for a few of our servers and they are running in Standard licensed mode. However, we are in transition at this time due to budget timing and have not moved our servers from...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
Absolutely understood. The only issue you have is that the features you are trying to implement (passwd.ovr, group.ovr, *.allow) are not supported by the current version of Centrify (5.3.1) that is...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
Ok, we have disabled the override files and are still getting the same errors.adclient[2830]: INFO <fd:10 PAMIsUserAllowedAccess2 > audit User 'xxxxxx' is authorizedINFO AUDIT_TRAIL|Centrify...
View ArticleRe: AD ID Unable to login - PAM: User account has expired
Note that the message is coming from SSHD, not from Centrify. This could be an issue with the system (not configured for PAM or simply expecting keys). The best bet for you is to debug SSH To turn on...
View ArticleAD ID Unable to login vi ssh - PAM: User account has expired
We are running CentrifyDC Express on SLES 11 Level 3. We ahve one client that is unable to login with their AD credentials. When they try to login the following entries are in /var/log/messages. Jun 7...
View ArticleHow do I change the default reply email address?
Somehow, some of my Office 365 users have the incorrect default reply email address. Instead of having "user@company.com" they have "user@company.onmicrosoft.com" as the default reply address. In...
View ArticleRe: AD ID Unable to login vi ssh - PAM: User account has expired
I recommend you isolate the problem to either SSH or the account. You can do this by SUing to the user on the system. If the user can SU, then the issue is with SSH. Most likely something at the SSH...
View ArticleRe: How do I change the default reply email address?
Figured it out. Sorry for the post. You may close this. Thanks!
View ArticleClik here to view.
Re: How do I change the default reply email address?
Thanks for the post and confirmation things are now working. The scenario you describe is generally caused if the proxyAddresses attribute for an Active Directory user has missing or incorrect SMTP...
View ArticleRe: How do I change the default reply email address?
I did use the proxyAddresses attribute to resolve the issue. The only difference in my case was that the users did already have the correct email addresses in AD. The users affected were random,...
View ArticleRe: How do I change the default reply email address?
Thanks again Jay and I really appreciate the confirmation on solution. Be sure to post again if you note any repeat instances or inconsistencies in your provisioning reports related to the impacted...
View ArticleRe: Help for newbie
Felderi, Thank you for the information but what syntax do I need to put into the sudoers file to give an AD group admin access to the server? I am trying to have an Admin AD group with root access, a...
View ArticleRemoving Centrify
We are running a very old version of Centrify and need to upgrade to the most currently version. All attempts to upgrade or rem0ve the old version have failed. Please advise.
View ArticleRe: Kerberos / admin accounts / O365
Hithanks for the info - really helpful.We have persued an additional route: we have a launchdaemon that watches /var/authd.log for any changes. if it detects authentication from a user that is not the...
View Article