Centrify Express is an Active Directory based authentication and single sign-on to cross-platform systems. It used to integrate Linux and Mac systems with Windows. Centrify Express installs a program called the DirectControl agent on a UNIX system so that computer can be a managed system and can be joined to Active Directory in the same manner as a Windows computer. When a computer is managed by DirectControl agent and connected to a domain, all users and groups defined in Active Directory for the forest automatically become valid users and groups on the UNIX machine unless configured to deny or allow specific users or groups access. These users can perform the following common tasks:
- Log on to the UNIX shell or desktop program and use standard programs and services such as telnet, ssh, and ftp.
- Log on to a computer that is disconnected from the network or unable to access Active Directory, if they have successfully logged on and been authenticated by Active Directory previously.
- Manage their Active Directory passwords directly from the UNIX command line, provided they can connect to Active Directory.
Centrify Express consists of:
DirectControl Express
Joins Linux and Mac systems to Active Directory, giving users multi-platform single sign-on
DirectManage Express
Automates discovery, readiness, and deployment of Express agent for easy integration with Active Directory
Centrify-Enabled Open Source Tools
Use our free, enhanced versions of OpenSSH, PuTTY and Samba for painless integration
Installation.
In a previous post, we discussed a UNIX/Linux scenario with Centrify Enterprise Edition; in this post and in an upcoming playlist, we'll be integrating a couple of Mac OS X systems. On-premise (or Enterprise) systems tend to have different requirements from BYOD (Bring Your Own Device) Macs. Login to the Mac with an account that has administrative privileges. Insert the thumb drive and copy the CentrifyDC‐5.1.3‐mac10.7.dmg file to the desktop. Double click the CentrifyDC‐5.1.3‐mac10.7.dmg file to open the Centrify for Mac OS X NOTE: The Centrify screen will present two options. Jul 16, 2020 Verifying Centrify DirectControl Agent for Mac installation prerequisites. Before installing the Centrify DirectControl Agent for Mac on your Mac computers, be certain that you or another administrator has installed Centrify Management Services on a Windows computer in the domain.
DirectControl Express installation steps are simple:
- On the Linux computer, log on as root.
- If necessary, unzip the centrify-suite archive file.
- Run the install-express.sh command to install the Express Agent and Centrify-enabled
./install-express.sh
The installation script begins by running the adcheck program to check the operating system, disk space, DNS resolution, network connectivity, Active Directory configuration and other requirements on the computer. If you receive errors or warnings, see the DirectControl Express Administrator’s Guide for information on how to correct them.
When you run the installation script, answer the prompts as follows:
How do you want to proceed? (E|S|X|C|Q) [X]: X
Type X (the default) for Express Mode. For most of the prompts, you can accept the default value by pressing Enter.
Be certain to specify Yes when prompted to join a domain. For an Express installation, the script automatically joins a computer in unlicensed mode. If you manually join a domain after installation, you must manually turn off licensed features. This process is covered in the Centrify DirectControl Express Administrator’s Guide.
Once installed the users can enter their username in the form that they are most comfortable with, saving time and not requiring them to remember or type a domain name. All of these examples work equally well:
Centrify Express For Mac Smart Card
- user.name
- user name
- user.name@domain.com
- domain.comuser.name
One of my favorite features other than the single login, is that you can authenticate Active Directory users accessing Samba shares at add an easier way to add users, keep track of who has access.
Centrify Express supports the following Operating Systems:
Linux
Centrify Express For Smart Card Mac
CentOS Linux: 3.8, 3.9, 4.4, 4.6, 4.7, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5 (32-bit & 64-bit)
Citrix XenServer: 4, 4.1, 5 (32-bit)
Debian: 3.1, 4, 5 (32-bit & 64-bit)
Mandriva Linux One: 2008, 2009, 2009.1, 2010, 2010.1 (32-bit)
Novell SUSE Linux: Server 8, 9, 10, 11 (32-bit); Desktop 9.2, 9.3, 10, 11 (32-bit)
Novell SUSE Linux PPC: 9, 10, 11 (64-bit)
Novell SUSE Linux Itanium: 9, 10, 11 (64-bit)
OpenSUSE Linux: 10.1, 10.2, 10.3, 11, 11.1, 11.2 (32-bit)
OpenSUSE Linux: 10.1, 10.2, 10.3, 11, 11.1, 11.2 (64-bit)
Oracle Enterprise Linux: 4, 5 (32-bit & 64-bit)
Red Hat Enterprise Linux: 3, 4, 4.8, 5, 5.1, 5.2 ,5.3, 5.4, 5.5 (32-bit & 64-bit)
Red Hat Enterprise Linux Itanium: 4, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5
Red Hat Fedora: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 (32-bit & 64-bit)
Scientific Linux: 3.0.8, 3.0.9, 4.4, 4.5, 4.6, 4.7, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5 (32-bit & 64-bit)
Ubuntu: 6.06 LTS, 7.04, 7.10, 8.04 LTS, 8.10, 9.04, 9.10, 10.04 LTS x86 (32-bit & 64-bit)
VMWare ESX Server: 3.0, 3.0.1, 3.0.2, 3.5 (32-bit)
VMWare ESX Server: 4 (64-bit)
MAC
Apple Mac OS X: 10.4.5+, 10.5.3+ on PPC, 10.4.5+, 10.5.3+ on Intel (32-bit)
Apple Mac OS X: 10.6 on Intel (32/64-bit)
Centrify Express For Mac
There is a Centrify Suite that has more functionality but at a price. The Centrify Express is free and accomplishes exactly what I was looking for. If you want to intregrate Active Directory authentication into you Linux, Unix, or Mac machines check out Centrify Express it may be just what you are looking for. You can get more information at their website: www.centrify.com/default.asp