× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-recipe

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 5
Registered: ‎01-12-2017
#1 of 5 764

installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-recipe

For a few linux boxes I have installed centrifydc-5.3.1-deb7-x86_64.deb via Ansible and adjoin'd sucessfully. I can adinfo different users and id them. Am I missing something? Why are the doc for the Chef recipe so ... "rich": 

 

http://community.centrify.com/t5/TechBlog/HOWTO-Orchestration-Basics-Using-a-Chef-recipe-to-deploy/b...

Participant II
Posts: 5
Registered: ‎01-12-2017
#2 of 5 761

Re: installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-re

I should point out, I'm using the stock openssh out of Ubuntu Trusty/14.04 as opposed to the Centrify SSH. I'm not super familiar with Centrify so I'm just asking - is it that simple? 

 

Is this true/false: A minimally configured Ubuntu Trusty against Centrify requires 2 steps: 

 

1 - install the centrifydc*.deb

2 - adjoin

 

Centrify Guru I
Posts: 1,693
Registered: ‎07-26-2012
#3 of 5 759

Re: installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-re

@jcheng,

 

It's always as simple as this:

 

  1. Install CentrifyDC package  (no need for OpensSSH)
  2. Get a usable keytab and krb5.conf file
  3. kinit
  4. adjoin
  5. kdestroy
  6. optional: remove files from step 2

 

 

Has been demonstrated with:

Shell: http://community.centrify.com/t5/TechBlog/HOWTO-Use-Centrify-Tools-for-Public-Private-Cloud-Automati...

Chef: http://community.centrify.com/t5/TechBlog/HOWTO-Orchestration-Basics-Using-a-Chef-recipe-to-deploy/b...

Puppet: http://community.centrify.com/t5/TechBlog/HOWTO-Orchestration-Basics-Using-Puppet-standalone-to-depl...

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 5
Registered: ‎01-12-2017
#4 of 5 757

Re: installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-re

Ah so, just to be clear, I'm not doing anything with steps 2, 3 and 5. Am I doing anything wrong? By observation, the behavior of what I need appears to be what I want when I just doing #1 and #4.

Centrify Guru I
Posts: 1,693
Registered: ‎07-26-2012
#5 of 5 754

Re: installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-re

[ Edited ]

Refer to the Shell link.  All your answers are there.

 

Many of the steps like generating a keytab, permissioning, etc are one time steps.  Once you have an AD service account and its corresponding keytab (plus a krb5.conf file) you ar set to go.  These steps are performed so you don't use a credential (or worse, a cleartext password) in your scripts.

 

The rest is just find a way to:

a) host your files (or have a repo)

b) retrieve the keytab+krb5 conf

c) Install CentrifyDC

d) kinit to the service account

e) run adjoin

f) cleanup

 

 

Otherwise if you want to use the ***definitely not recommended*** process all you need to do is:

 

$ sudo dpkg -i CentrifyDC-version.deb

$ sudo adjoin -w -c "ou=your, ou=location" -u your-username@domain.name -p your-cleartext-password-don't-do-it

 

your-username@domain.name should be able to "add computer objects" to the ou=your,ou=location OU in AD

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: