× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify

Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Contributor I
Posts: 12
Registered: ‎10-15-2015
#11 of 14 1,245

Re: find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify

I did actually have an open ticket with Centrify to work on that issue with the back end way of doing thing. But you are right about the long run. It may not be impemented until later in the year. I didn't really get a timeframe on completion. Hoping to have a quicker temporary solution to help with the constant problems we are seeing now.

 

The options you suggest do sound foregin to me so I may need a little more walkthrough steps to test that.

 

I feel like I'm close with the script I'm using now if I can just figure out how to get the /CentrifyDC item back in keychain for the machines it has been removed on without having to do a manual unbind and then rebind again.

 

I was able to replicate a cause of /CentrifyDC being removed for testing. If on a Centrify Bound machine you go into terminal and type "sudo systemkeychain -vfcC" it blows away the keychain and recreates everying and then adgpupdate brings all the certs back and everything. But the /CentrifyDC object is missing after that.

Centrify Advisor III
Posts: 73
Registered: ‎02-18-2015
#12 of 14 1,082

Re: find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify

Hi @jerdill,

 

Just wanted to let you know that the access control feature is now available in Suite 2017.1:

 

https://docs.centrify.com/en/centrify/macadmin/index.html#page/macadmin/adm_computerGPs_SecurityPriv...

 

Please note that you will need to upgrade the agent to 2017.1 verion and also the group policy template. If you need any assistance on this, please file a ticket to Support and one of our Support engineer could help you out. Thanks.

 

Regards,
Albert

Contributor I
Posts: 12
Registered: ‎10-15-2015
#13 of 14 1,072

Re: find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify

Thanks for letting me know. I installed the 2017.1 version but I don't see the new keys available under "Public Key Policies" yet. I confirmed 5.4.1.439 is the installed version of the Group Policy Management Editor Exenstion and the ADUC exension. Is there another component I need to see the new keys?

 

The only ones that show are Do not Allow private key to be extractable & Store Private and public key in keychain only.

Centrify Advisor III
Posts: 73
Registered: ‎02-18-2015
#14 of 14 1,070

Re: find-generic-password /Active Directory/DOMAINAME Equivelent for Centrify

Hi @jerdill,

 

You will also need to update the template. Please find the details on how to update the template in below KB article:

 

https://centrify.force.com/support/Article/KB-2600-How-to-install-new-Centrify-Group-Policies-templa...

 

Hope this helps.

 

Regards,

Albert