Re: [Fed-Talk] Centrify, Casper and AD certificate
  • Subject: Re: [Fed-Talk] Centrify, Casper and AD certificate
  • From: Mike Bainter - NOAA Affiliate <email@hidden>
  • Date: Tue, 27 Sep 2016 10:28:07 -0700

Hi David,

I think the issue might be that JSS has stopped collecting/reporting the information correctly using their built-in template. This thread at JAMFNation discusses this very topic: 

https://jamfnation.jamfsoftware.com/discussion.html?id=17838

Another related issue is the inability to install Centrify through their Directory Binding feature in Computer Management, a known bug D-009723.

Hopefully it will be fixed.

bainter
***************************************************************
Mike Bainter
ERT Contractor - IT Helpdesk (Mac Specialist)
NOAA / NMFS / Northwest Fisheries Science Center
2725 Montlake Blvd. E. Seattle, WA 98112
Desk: 206-302-1775
Mobile: 253-740-2995
***************************************************************


On Tue, Sep 27, 2016 at 10:01 AM, David McNeely <email@hidden> wrote:
First a simpler way to find the domain that a Mac is joined to via Centrify is: 
$ adinfo -d
centrify.com
$

Next, you can simply turn on Group Policy in order to have Centrify auto-issue/renew certificates, since the agent will obey the Group Policy that you already have defined for Windows computers to auto-issue and renew computer certificates. The agent will also establish local trust with the enterprise Certificate Authorities by retrieving the trusted roots from your AD.

-David
VP at Centrify


On Sep 27, 2016, at 9:00 AM, Mike Bainter - NOAA Affiliate <email@hidden> wrote:

FYI, in our environment, the last time JSS reported bound status accurately was when Macs were on Centrify 5.2.1 and 5.2.2 (JSS beginning at 9.81) running on OS X 10.9.5 clients.

bainter
***************************************************************
Mike Bainter
ERT Contractor - IT Helpdesk (Mac Specialist)
NOAA / NMFS / Northwest Fisheries Science Center
2725 Montlake Blvd. E. Seattle, WA 98112
Desk: 206-302-1775
***************************************************************


On Tue, Sep 27, 2016 at 8:38 AM, Williams, E. Sheldon (Contractor) <email@hidden> wrote:

Exactly right Paul.  Thanks.

 

 

---------------------------------------------------
E. Sheldon Williams (Contractor)
EUT, OIT
URS Federal Services
Systems Engineering & Information Solutions Group
U.S. Securities and Exchange Commission
100 F Street, NE; Room L610
Washington, DC  20549-5628
Office of Information Technology
Direct:  202.551.5233
Office Email: email@hidden

This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation.

 

From: "Dickson, Paul K. (CTR)" <email@hidden>
Date: Tuesday, September 27, 2016 at 11:23 AM
To: Carib Mendez <email@hidden>, "Williams, E. Sheldon (Contractor)" <email@hidden>
Cc: Fed Talk <email@hidden>
Subject: RE: [Fed-Talk] Centrify, Casper and AD certificate

 

With an installer I assume you mean certificate authority certs.  I believe he is trying to get individual machine certs down to the devices.

 

 

--
Paul K. Dickson
Systems Engineer
National Biodefense Analysis and Countermeasures Center
301-619-5974
email@hidden

 

From: fed-talk-bounces+paul.dickson=email@hidden [mailto:fed-talk-bounces+paul.dickson=email@hidden] On Behalf Of Carib Mendez
Sent: Tuesday, September 27, 2016 11:21 AM
To: Williams, E. Sheldon (Contractor) <email@hidden>
Cc: Fed Talk <email@hidden>
Subject: Re: [Fed-Talk] Centrify, Casper and AD certificate

 

Sheldon,

 

From my experience, when bound with Centrify, JAMF has never reported it back correctly as bound. For AD certificates, I've instead created a separate installer that runs alongside the Centrify installer to manually add any certificates to the system.keychain, via the security command via the CLI.


On Sep 27, 2016, at 11:06 AM, "Williams, E. Sheldon (Contractor)" <email@hidden> wrote:

Good Morning All,

 

We are running into an issue where once we bind our Macs using Centrify, either thru the Centrify GUI or via terminal, the Mac, even though bound, reports back to the JSS as not bound.  This, in turn, stops a configuration profile with an AD certificate payload from being installed because “the machine is not bound to AD”.

 

Is anyone else seeing this with Centrify 5.3.1?  We have a call into JAMF and they say it’s a known issue and that they are trying to come up with a workaround, but I was wondering if anyone else has seen this and has overcome this obstacle?

 

Thanks,

Sheldon

 

 


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
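
The `adinfo -d` check David McNeely describes can feed a Jamf extension attribute, so that the agent's own view of the join is what reaches the JSS. This is an added example, not code from the thread or from Centrify or JAMF; the `ADINFO` override variable, the function names, and the handling of an unjoined agent (non-zero exit, or a message instead of a bare domain name) are assumptions.

```shell
#!/bin/sh
# Added example: report Centrify bind state from `adinfo -d` in the
# <result>...</result> form that a Jamf extension attribute script prints.
# ADINFO is a hypothetical override so the logic can be exercised on a
# machine that has no Centrify agent installed.
ADINFO="${ADINFO:-adinfo}"

# Print the joined domain and return 0, or print nothing and return 1.
centrify_domain() {
    # Assumption: a missing or unjoined agent either exits non-zero or
    # prints a human-readable message rather than a bare domain name.
    out=$("$ADINFO" -d 2>/dev/null) || return 1

    # Keep only the first line and trim surrounding whitespace.
    domain=$(printf '%s\n' "$out" |
        sed -n '1{s/^[[:space:]]*//;s/[[:space:]]*$//;p;}')

    # Accept only DNS-style names; anything else (empty output, a
    # sentence with spaces) is treated as "not joined".
    case "$domain" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$domain"
}

# Emit the single line the management server records for this Mac.
bind_status_result() {
    if d=$(centrify_domain); then
        printf '<result>%s</result>\n' "$d"
    else
        printf '<result>Not bound</result>\n'
    fi
}

bind_status_result
```

A smart group scoped on this attribute, rather than on the built-in bind status, is one way to gate the AD certificate profile on what the agent itself reports.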

