Centrify - Securing the Cross Platform Data Center

DirectControl Express for UNIX/Linux

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Occasional Advisor
Bartonn
Posts: 9
Registered: ‎04-03-2012

Re: Can't log into trusted domain

Options

‎04-03-2012 11:54 AM

Hopefully this works beter for you.

Message 11 of 15 (1,284 Views)
Reply
0 Kudos
Please use plain text.
 
Centrify
Centrify
Fel
Posts: 412
Registered: ‎07-06-2010

Re: Can't log into trusted domain

Options

‎04-03-2012 03:13 PM

The adinfo output looks OK to me.  Now let's get inside the head of adclient to figure out what its doing.

 

Please do the following:

 

/usr/share/centrifydc/bin/addebug clear
adflush
 /usr/share/centrifydc/bin/addebug on

Run adinfo -g companyY.com

Run adquery user <user_from_domain@companyY.com> -A

Run adinfo -t

Attempt to authenticate as the user

/usr/share/centrifydc/bin/addebug off

Send /tmp/adinfo_support.tar.gz and /etc/krb5.conf for review to felderi.santiago@centrify.com.  I will work with my colleague Sumana to review the log file.

 Regards,

Felderi Santiago
Senior Systems Engineer
Centrify Corporation
Message 12 of 15 (1,268 Views)
Reply
0 Kudos
Please use plain text.
 
Centrify
Centrify
Fel
Posts: 412
Registered: ‎07-06-2010

Re: Can't log into trusted domain

Options

‎04-06-2012 06:57 AM

I wanted to update the post with the latest information.

 

I've been working with Bartonn offline on identifying the root cause of the problem.  By analysing the logs we determined that that the Centrify dns.dc and dns.gc parameters were misconfigured.

 

I've asked Bartonn to re-configure properly and to get back to us with the results.

 

Regards,

Felderi Santiago
Senior Systems Engineer
Centrify Corporation
Message 13 of 15 (1,250 Views)
Reply
0 Kudos
Please use plain text.
 
Shane
Visitor
Shane
Posts: 1
Registered: ‎04-24-2012

Re: Can't log into trusted domain

Options

‎04-24-2012 05:32 AM

Can you post a sample of what the proper configuration should look like?  We are have a similar problem and is seems like an adflush to make the adclient re-read the memberships lets our users finally log in.

Message 14 of 15 (1,195 Views)
Reply
0 Kudos
Please use plain text.
 
Centrify
Centrify
Fel
Posts: 412
Registered: ‎07-06-2010

Re: Can't log into trusted domain

Options

‎04-24-2012 02:14 PM

By default no configuration is needed if the domains are trusted.  In the case of Bartonn we had to hardcode the DCs for the trusted domain since his DNS environment would not qualify those names.

 

From your comment, it seems like you're able to get cross domain authentications to work, they then stop working and if run adflush, they start working again.  Is this correct?  If yes, does this problem happen for all users or only some users?  If not, can you please elaborate on the problem a bit further?

 

Regards,

 

Felderi Santiago
Senior Systems Engineer
Centrify Corporation
Message 15 of 15 (1,183 Views)
Reply
0 Kudos
Please use plain text.
 
Copyright © 2004-2012 Centrify Corporation.   Terms of Use  |   Privacy Policy