installing centrifydc-5.3.1-deb7-x86_64.deb & adjoin vs Orchestration-Basics-Using-a-Chef-recipe
01-24-2017 05:27 PM
For a few Linux boxes I have installed centrifydc-5.3.1-deb7-x86_64.deb via Ansible and adjoin'd successfully. I can adinfo different users and id them. Am I missing something? Why are the docs for the Chef recipe so ... "rich":
01-24-2017 05:32 PM
I should point out, I'm using the stock openssh out of Ubuntu Trusty/14.04 as opposed to the Centrify SSH. I'm not super familiar with Centrify so I'm just asking - is it that simple?
Is this true/false: A minimally configured Ubuntu Trusty against Centrify requires 2 steps:
1 - install the centrifydc*.deb
2 - adjoin
01-24-2017 05:39 PM
It's always as simple as this:
- Install CentrifyDC package (no need for OpenSSH)
- Get a usable keytab and krb5.conf file
- optional: remove files from step 2
Has been demonstrated with:
01-24-2017 05:42 PM
Ah so, just to be clear, I'm not doing anything with steps 2, 3 and 5. Am I doing anything wrong? By observation, the behavior of what I need appears to be what I want when I am just doing #1 and #4.
01-24-2017 06:12 PM
Refer to the Shell link. All your answers are there.
Many of the steps like generating a keytab, permissioning, etc. are one-time steps. Once you have an AD service account and its corresponding keytab (plus a krb5.conf file) you are set to go. These steps are performed so you don't use a credential (or worse, a cleartext password) in your scripts.
The rest is just finding a way to:
a) host your files (or have a repo)
b) retrieve the keytab+krb5 conf
c) Install CentrifyDC
d) kinit to the service account
e) run adjoin
Otherwise if you want to use the ***definitely not recommended*** process all you need to do is:
$ sudo dpkg -i CentrifyDC-version.deb
$ sudo adjoin -w -c "ou=your, ou=location" -u firstname.lastname@example.org -p your-cleartext-password-don't-do-it
email@example.com should be able to "add computer objects" to the ou=your,ou=location OU in AD
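Steps d) and e) from the reply above, with a permission check on the keytab before it is used. This is an added example, not part of the thread and not Centrify's own script. It assumes kinit is on PATH, that adjoin uses the ticket obtained by kinit when -u/-p are omitted, and that the domain is passed as the last argument; the account, OU and domain names are placeholders.

```shell
#!/bin/sh
# Added example: keytab-based join, no password on the command line.
# Assumption: adjoin picks up the Kerberos ticket from kinit when -u/-p are omitted.

# check_keytab FILE: succeed only if FILE is non-empty and has mode 600 or 400.
# A keytab is a long-lived credential, so group/other access is refused.
check_keytab() {
    [ -s "$1" ] || { echo "keytab missing or empty: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        -r[w-]-------) return 0 ;;
        *) echo "keytab $1 has permissions $perms, want owner-only" >&2; return 1 ;;
    esac
}

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# join_domain KEYTAB KRB5CONF PRINCIPAL OU DOMAIN
join_domain() {
    keytab=$1 krb5conf=$2 principal=$3 ou=$4 domain=$5
    check_keytab "$keytab" || return 1
    [ -r "$krb5conf" ] || { echo "krb5.conf not readable: $krb5conf" >&2; return 1; }
    KRB5_CONFIG=$krb5conf
    export KRB5_CONFIG
    # d) get a ticket for the service account from the keytab
    run kinit -kt "$keytab" "$principal" || return 1
    # e) join with the same -w and -c options as the command in the thread
    run adjoin -w -c "$ou" "$domain" || return 1
    # optional: drop the ticket and remove the retrieved files
    run kdestroy
    run rm -f "$keytab" "$krb5conf"
}
```

Set DRY_RUN=1 to print the commands without running them, for example when reviewing what a provisioning job would do.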