Enabling Mac Enrollment and the new Mac Agent The new Centrify Mac agent replaces our existing web enrollment for Macs. This feature is optional and can be enabled in our cloud policy by enabling Mac enrollment. Users can be prompted to enroll their Macs whenever they visit the user portal from a Mac that is not currently enrolled. Previously, the Centrify Express product extended legacy, on-prem Microsoft Active Directory identities to non-Windows resources such as Mac ® and Linux ® systems as well as web applications. Centrify was essentially an add-on to on-prem Active Directory infrastructure.

Centrify Express is an Active Directory based authentication and single sign-on to cross-platform systems. It used to integrate Linux and Mac systems with Windows. Centrify Express installs a program called the DirectControl agent on a UNIX system so that computer can be a managed system and can be joined to Active Directory in the same manner as a Windows computer. When a computer is managed by DirectControl agent and connected to a domain, all users and groups defined in Active Directory for the forest automatically become valid users and groups on the UNIX machine unless configured to deny or allow specific users or groups access. These users can perform the following common tasks:

• Log on to the UNIX shell or desktop program and use standard programs and services such as telnet, ssh, and ftp.

• Log on to a computer that is disconnected from the network or unable to access Active Directory, if they have successfully logged on and been authenticated by Active Directory previously.

• Manage their Active Directory passwords directly from the UNIX command line, provided they can connect to Active Directory.

Centrify Express consists of:

DirectControl Express
Joins Linux and Mac systems to Active Directory, giving users multi-platform single sign-on

DirectManage Express
Automates discovery, readiness, and deployment of Express agent for easy integration with Active Directory

Centrify-Enabled Open Source Tools
Use our free, enhanced versions of OpenSSH, PuTTY and Samba for painless integration

Installation.

DirectControl Express installation steps are simple:

1. On the Linux computer, log on as root.
2. If necessary, unzip the centrify-suite archive file.
3. Run the install-express.sh command to install the Express Agent and Centrify-enabled

./install-express.sh

Centrify Express For Mac Smart Card

The installation script begins by running the adcheck program to check the operating system, disk space, DNS resolution, network connectivity, Active Directory configuration and other requirements on the computer. If you receive errors or warnings, see the DirectControl Express Administrator’s Guide for information on how to correct them.

When you run the installation script, answer the prompts as follows:

How do you want to proceed? (E|S|X|C|Q) [X]: X

Type X (the default) for Express Mode. For most of the prompts, you can accept the default value by pressing Enter.

Be certain to specify Yes when prompted to join a domain. For an Express installation, the script automatically joins a computer in unlicensed mode. If you manually join a domain after installation, you must manually turn off licensed features. This process is covered in the Centrify DirectControl Express Administrator’s Guide.

Once installed the users can enter their username in the form that they are most comfortable with, saving time and not requiring them to remember or type a domain name. All of these examples work equally well:

• user.name
• user name
• user.name@domain.com
• domain.comuser.name

One of my favorite features other than the single login, is that you can authenticate Active Directory users accessing Samba shares at add an easier way to add users, keep track of who has access.

Centrify Express supports the following Operating Systems:

Linux

CentOS Linux: 3.8, 3.9, 4.4, 4.6, 4.7, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5 (32-bit & 64-bit)
Citrix XenServer: 4, 4.1, 5 (32-bit)
Debian: 3.1, 4, 5 (32-bit & 64-bit)
Mandriva Linux One: 2008, 2009, 2009.1, 2010, 2010.1 (32-bit)
Novell SUSE Linux: Server 8, 9, 10, 11 (32-bit); Desktop 9.2, 9.3, 10, 11 (32-bit)
Novell SUSE Linux PPC: 9, 10, 11 (64-bit)
Novell SUSE Linux Itanium: 9, 10, 11 (64-bit)
OpenSUSE Linux: 10.1, 10.2, 10.3, 11, 11.1, 11.2 (32-bit)
OpenSUSE Linux: 10.1, 10.2, 10.3, 11, 11.1, 11.2 (64-bit)
Oracle Enterprise Linux: 4, 5 (32-bit & 64-bit)
Red Hat Enterprise Linux: 3, 4, 4.8, 5, 5.1, 5.2 ,5.3, 5.4, 5.5 (32-bit & 64-bit)
Red Hat Enterprise Linux Itanium: 4, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5
Red Hat Fedora: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 (32-bit & 64-bit)
Scientific Linux: 3.0.8, 3.0.9, 4.4, 4.5, 4.6, 4.7, 4.8, 5, 5.1, 5.2, 5.3, 5.4, 5.5 (32-bit & 64-bit)
Ubuntu: 6.06 LTS, 7.04, 7.10, 8.04 LTS, 8.10, 9.04, 9.10, 10.04 LTS x86 (32-bit & 64-bit)
VMWare ESX Server: 3.0, 3.0.1, 3.0.2, 3.5 (32-bit)
VMWare ESX Server: 4 (64-bit)

MAC

Centrify Express For Mac Smart Card

Apple Mac OS X: 10.4.5+, 10.5.3+ on PPC, 10.4.5+, 10.5.3+ on Intel (32-bit)

Apple Mac OS X: 10.6 on Intel (32/64-bit)

Centrify Express For Mac

There is a Centrify Suite that has more functionality but at a price. The Centrify Express is free and accomplishes exactly what I was looking for. If you want to intregrate Active Directory authentication into you Linux, Unix, or Mac machines check out Centrify Express it may be just what you are looking for. You can get more information at their website: www.centrify.com/default.asp