Centrify - Securing the Cross Platform Data Center

The Centrify Apple Guys

LMcAndrew

What's new in DirectControl 5.0.1 for the Mac

by ‎11-22-2011 09:59 AM - edited ‎03-01-2012 06:07 PM

DirectControl 5.0.1 is the first release on the Macintosh platform that provides support for Next Generation Zones.

 

Here are some highlights on new functionality in this release:

 

Support for OS X 10.7.

This includes support for Apple's FileVault full disk encryption and Microsoft's Distributed File System (DFS) capabilities.

 

More details on our FileVault support are here:

DirectControl for Mac OS X Filevault Configuration

 

More details on our DFS support are here:

Centrify Support for DFS in OS X 10.7 (Lion)

 

Automated Certificate Enrollment.

Centrify-enabled machines can now automatically detect whether a Windows Group Policy requires machine certificates to be present. The Mac will then automatically request, download and install a machine certificate into the OS X keychain and make it available for services such as 802.1x and VPN.

 

When the certificates reach their expiration lifetime, DirectControl will automatically request a new certificate and update the certificate in keychain.

 

  • 802.1X configuration management is provided by Apple's Profile Manager in Lion 10.7
  • 802.1X configuration support for 10.6 is provided as a Centrify group policy.

 

Improved support for Printer Management on the Mac.

Customers now have the ability to assign users to the _lpadmin and _lpoperator printer groups on the local Mac. This allows users to stop and restart the print queue and create their own printer definition files if required.

 5.0screenshot 1.png

 

Simplified configuration for automatically mounted fileservers and home directories.

  • A new Group Policy allows you to specify the file servers you would like mounted on the desktop at login time.
  • A new policy to mount the user's network home directory on the desktop.

 5.0screenshot 2.png

 

 

Smartcard support.

  • Centrify now provides full smart card support for 10.6 and 10.7 for all CAC, CACNG, and PIV cards. This includes the Oberthur ID One 128 v 5.5 Dual Smart Card.
  • Note: Smart card authentication is supported on 10.7; however, the user is required to enter their smart card UPN in addition to their PIN. To do this, select “other” at the login window and enter the smart card’s UPN in the username field and the PIN in the password field (the password field takes the place of the PIN edit field). If the user presents the correct information in the “other” login window, the user can log in using a smart card. The only way to get the UPN or “NT Principal Name” is to query the card and review the certificates for that user. See example below.
  • Update Mar 1 2012. The comment above only applies to versions 10.7-10.7.2. This smart card behavior was improved in 10.7.3, and there's a new note that explains the difference: http://community.centrify.com/t5/The-Centrify-Apple-Guy/OS-X-10-7-3-and-Smart-Card-Support/ba-p/3660

 

 5.0screenshot 3.png

 

Comments
by dbrowning on ‎03-01-2012 06:04 AM

What happens with FileVault 2 if you have it already turned on and then install Centrify? Is there a way to update the FV password so that it will match AD creds?

by on ‎03-01-2012 06:01 PM

We have a document that describes how to use FileVault 2 with Active Directory users.

 

You can read it here : http://www.centrify.com/downloads/products/documentation/suite2011/ga/centrify-dc-os-x-10-7-filevaul...

by Rod on ‎06-14-2012 02:26 PM

Question re-download and install a machine certificate into the OS X keychain and make it available for services such as 802.1x and VPN.

Is this certificate exportable? It has been my experience with OS X that its certificates include the associated private key and thus could be moved to a different machine.
