- Centrify Express For Mac Smart Card
Automation and orchestration are key capabilities of the modern IT infrastructure. Whether organizations are using private or public clouds, or tools like Bladelogic, System Center, Satellite, Chef, Casper, Puppet or homegrown scripts, software should be orchestration friendly.
In a previous post, we discussed a UNIX/Linux scenario with Centrify Enterprise Edition; in this post and in an upcoming playlist, we'll be integrating a couple of Mac OS X systems. On-premise (or Enterprise) systems tend to have different requirements from BYOD (Bring Your Own Device) Macs.
With Centrify Management Services for Mac, you can use Active Directory to centrally manage authentication, policy enforcement, single sign-on (SSO), and user self-service for popular endpoint devices running Mac OS X, macOS, iOS, and Android. A key component of Centrify Management Services for Mac is the Centrify agent for Mac computers.
This guide describes Centrify DirectControl Express, the main component of the Express version of Centrify Suite 2011, which allows a supported machine to join Active Directory and authenticate users with minimal configuration. As your IT structure grows in size and complexity, the Express version allows.
Installing Centrify Express. Open the Centrify Express download page; navigate to the Centrify Express version that matches your macOS version, and tap to download to your device; if the 'downloading disk' image does not automatically display, double click on the Centrify Express For Smart Card disk image to force it to begin; and finally.
Centrify Server Suite for UNIX, Linux, and Mac offers a facility that should be leveraged by any savvy IT infrastructure team. The tool is a script called install.sh.
This script is shipped in the gzipped tarball for Centrify software. For example, here is the listing for a RHEL-based system (excluding the release notes):
- adcheck-rhel4-x86_64
- centrifyda-3.2.3-rhel4-x86_64.rpm
- centrifydc-5.2.3-rhel4-x86_64.rpm
- centrifydc-install.cfg
- centrifydc-ldapproxy-5.2.3-rhel4-x86_64.rpm
- centrifydc-nis-5.2.3-rhel4-x86_64.rpm
- centrifydc-openssh-6.7p1-5.2.3-rhel4-x86_64.rpm
- centrify-suite.cfg
- install-express.sh -> install.sh
- install.sh
Note that all the installation bits are shipped in the native package format of the platform, which gives the administrator the opportunity to bypass install.sh and use the native installer. E.g. to install only the base agent, you can run
rpm -ivh centrifydc-5.2.3-rhel4-x86_64.rpm
Many admins simply add the RPMs to their repositories and use facilities like yum to install or maintain the package.
Capabilities of install.sh
- Interactive install/join operations: walks the user through a series of menus and options
- Automatic with command options: can be run manually or by an orchestration facility for installations and joins.
- Automatic with an answer file: any of the .CFG answer files can be used with install.sh
- Kerberized: install.sh calls adjoin and other utilities that can benefit from Kerberos keytab preauthentication.
install.sh is a script; it acts as an abstraction layer between the package manager of the native OS and any other tool or manual script. This is very powerful because it eliminates the nuances related to each operating system, architecture or distribution.
For example, some AIX systems use the installp facility, RHEL and derivatives use RPM, Debian derivatives like Ubuntu use dpkg, OS X systems use Install.app and so on; install.sh allows for the administrator to have a QA tested way to install Centrify software and perform additional tasks.
Basic Automation Playbook
What you need:
a) The keytab for an AD user that can join systems (or remove them) to the target OUs
For more info on how to create this, click here.
b) A krb5.conf file for a working system
d) Install.sh (or the native package manager utility)
e) If not using install.sh, you'll need adjoin (or adleave)
Sample Command Sequences
Sample 1: In this sequence, we use the /temp/ad-joiner keytab with /temp/krb5.conf, and we use install.sh to install the standard edition and join a zone called myzone in the acme.test domain in the 'My Servers' OU.
env KRB5_CONFIG=/temp/krb5.conf /usr/share/centrifydc/kerberos/bin/kinit -kt /temp/ad-joiner.keytab ad-joiner
./install.sh --std-suite --adjoin_opt='acme.test -z myzone -c acme.test/My Servers'
Sample 1: In this sequence, we use the /temp/ad-joiner keytab with /temp/krb5.conf, and we use install.sh to install the standard edition and join a zone called myzone in the corp.contoso.com domain in the 'My Servers' OU.
env KRB5_CONFIG=/temp/krb5.conf /usr/share/centrifydc/kerberos/bin/kinit -kt /temp/ad-joiner.keytab ad-joiner
./install.sh --std-suite --adjoin_opt='corp.contoso.com -z myzone -c corp.contoso.com/My Servers'
Sample 2: In this sequence, we use the /temp/ad-joiner keytab with /temp/krb5.conf, and we use rpm to install the standard package and adjoin to join the Global zone in the corp.contoso.com domain and put the computer under the CentrifyServers OU.
env KRB5_CONFIG=/temp/krb5.conf /usr/share/centrifydc/kerberos/bin/kinit -kt /temp/ad-joiner.keytab ad-joiner
rpm -ivh centrifydc-5.2.3-rhel4-x86_64.rpm
adjoin -z Global -c 'ou=servers,ou=centrify' corp.contoso.com
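The samples above read the joiner's keytab from /temp and leave its ticket in the default credential cache. As an added example (not from the original post or from Centrify), this wrapper refuses a keytab that other users can read and removes the ticket cache once the join finishes. The function names are hypothetical, and it assumes the Centrify tools honor KRB5CCNAME the way stock MIT Kerberos does.

```shell
#!/bin/sh
# Added example: hardened wrapper for the keytab-based join in the samples.
# Paths and the ad-joiner principal come from the page; function names are hypothetical.

KINIT=/usr/share/centrifydc/kerberos/bin/kinit

# Succeeds only for a regular file (not a symlink) owned by the caller
# with no group/other permission bits, e.g. mode 0600 or 0400.
keytab_is_private() {
    [ -f "$1" ] || return 1
    listing=$(ls -ldn -- "$1") || return 1
    perms=$(printf '%s\n' "$listing" | cut -c1-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')   # numeric uid with -n
    case "$perms" in
        -???------) ;;
        *) return 1 ;;
    esac
    [ "$owner" = "$(id -u)" ]
}

# join_with_keytab KEYTAB KRB5_CONF PRINCIPAL ADJOIN_OPTS
# Returns 2 if the keytab is exposed, 3 if kinit fails, else install.sh's status.
join_with_keytab() {
    keytab=$1 conf=$2 principal=$3 opts=$4
    keytab_is_private "$keytab" || { echo "refusing exposed keytab: $keytab" >&2; return 2; }

    # Assumption: the Centrify tools honor KRB5CCNAME like stock MIT Kerberos,
    # so the joiner's TGT lives in a private cache instead of the default one.
    ccdir=$(mktemp -d) || return 3
    rc=0
    KRB5_CONFIG=$conf KRB5CCNAME="FILE:$ccdir/cc" "$KINIT" -kt "$keytab" "$principal" || rc=3
    if [ "$rc" -eq 0 ]; then
        # --custom_rc is listed in the help text as "Return meaningful exit code".
        KRB5_CONFIG=$conf KRB5CCNAME="FILE:$ccdir/cc" \
            ./install.sh --std-suite --custom_rc --adjoin_opt="$opts" || rc=$?
    fi
    rm -rf "$ccdir"      # drop the ticket cache whether or not the join worked
    return "$rc"
}

# Run only when asked, so loading the file just defines the functions.
if [ "${1:-}" = "--join" ]; then
    join_with_keytab /temp/ad-joiner.keytab /temp/krb5.conf ad-joiner \
        'corp.contoso.com -z myzone -c corp.contoso.com/My Servers'
fi
```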
install.sh Help file
This script installs (upgrades/uninstalls) Centrify Suite.
Only the superuser can run this script.
Usage:
  install.sh [-n|--ent-suite|--std-suite|--express] [-e] [-h] [-V] [-v ver] [-l log_file]
where:
  -n              Custom install/upgrade/uninstall in non-interactive mode.
  --ent-suite     Install Enterprise Suite in non-interactive mode.
  --std-suite     Install Standard Suite in non-interactive mode.
  --express       Install Centrify Express in non-interactive mode.
  --bundle        Install Centrify Suite using bundle.
  --suite-config <config_file>
                  Override default suite config file with <config_file>.
  -e              Uninstall (erase) CentrifyDC.
  -h, --help      Print out this usage and then exit.
  -V              Print out installer version and then exit.
  -v <ver>        Install CentrifyDC <ver> version.
                  Format: x.x.x or x.x.x-xxx. x is number.
  -l <log_file>   Override default log-file PATH with <log_file>.
  --rev <rev>     Package OS revision to install.
  --custom_rc     Return meaningful exit code.
  --override='<options>'
                  In non-interactive mode, override default options with <options> list.
                  Format: --override='CentrifyDC_openssh=n,CentrifyDA=R'
  --adjoin_opt='<adjoin_options>'
                  Override default adjoin command line options with <adjoin_options>.
  --enable-da     In non-interactive mode, once joined to a domain,
                  enable DA for all shells.
  --disable-da    In non-interactive mode, disable DA NSS mode after install.
Examples:
  ./install.sh -n --override='INSTALL=R,CentrifyDC_nis=Y,CentrifyDC_openssh=N,CentrifyDA=N'
  ./install.sh --std-suite --adjoin_opt='acme.test -p pass$ -z t_zone -c acme.test/My Servers'
  ./install-bundle.sh --std-suite '--adjoin_opt='acme.test -p pass$ -z t_zone -c acme.test/My Servers'