
Lab # 7: Installing the Centrify agent and joining Active Directory

In this lab

We will install the Centrify agent in CEN1 using RPM and join Active Directory manually

We will install the Centrify agent in SUSE1 using install.sh in interactive mode and join
Active Directory manually

We will install the Centrify agent and join Active Directory on SOL1 using install.sh in
unattended mode.

We will use some of the tools and CLI commands included with the base agent.

Install Centrify on CEN1 using RPM

1. Log in to CLIENT1 with the Jessie Matthews (UNIX administrator) account.
2. Open PuTTY and connect to CEN1.
3. Go to the /temp folder (or wherever you copied the Centrify agent files).
4. Decompress the tarball (elevate if necessary):
   tar xzvf centrify-suite-2013.3-rhel3-x86_64.tgz
5. Use RPM to install the base agent centrifydc-5.1.2-rhel3-x86_64.rpm:
   rpm -Uvh centrifydc-5.1.2-rhel3-x86_64.rpm
6. To verify that Centrify is installed, run the adinfo command and note the output:
   $ adinfo
   not joined any domain
   Licensed Features: Enabled
   The last line means that the agent can see a valid license in AD.

Join CEN1 to Active Directory

Information
Domain to join: corp.contoso.com
Place to put the computer account: "OU=Servers,OU=UNIX"
Zone to join: HQ
User account that can join systems to the target container: jessie.matthews
Desirable command output: verbose

1. Type the following command (requires elevation if you're not root):
   sudo adjoin -z HQ -c "OU=Servers,OU=UNIX" -V -u jessie.matthews corp.contoso.com
2. Type the sudo password and Jessie's AD password when prompted.
3. To verify that the computer has joined successfully, type the adinfo command:
   [centrifying@cen1 temp]$ adinfo
   Local host name:   cen1
   Joined to domain:  corp.contoso.com
   Joined as:         cen1.corp.contoso.com
   Pre-win2K name:    cen1
   Current DC:        dc1.corp.contoso.com
   Preferred site:    CorpHQ
   Zone:              corp.contoso.com/UNIX/Zones/HQ
   CentrifyDC mode:   connected
   Licensed Features: Enabled
4. Exit the PuTTY session.
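
A scripted form of the step 3 check, as an added example that is not part of the original lab or of Centrify's tooling: it parses adinfo output and fails unless the host is joined to the expected domain and zone and the agent is connected. The function names are this example's own, the embedded sample is copied from the output above, and the "Label: value" layout is assumed to be as the lab shows it.

```shell
#!/bin/sh
# Added example: check adinfo output against the values this lab expects.

# Constructed sample: the adinfo output shown in the lab for CEN1.
SAMPLE_ADINFO='Local host name:   cen1
Joined to domain:  corp.contoso.com
Joined as:         cen1.corp.contoso.com
Pre-win2K name:    cen1
Current DC:        dc1.corp.contoso.com
Preferred site:    CorpHQ
Zone:              corp.contoso.com/UNIX/Zones/HQ
CentrifyDC mode:   connected
Licensed Features: Enabled'

# adinfo_field LABEL: print the value of one "Label: value" line read from stdin.
adinfo_field() {
    awk -v label="$1" '
        index($0, label ":") == 1 {
            v = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            print v; exit
        }'
}

# check_join OUTPUT DOMAIN ZONE: return 0 only if the host is joined as expected.
# Return codes: 1 not joined, 2 wrong domain, 3 wrong zone, 4 agent not connected.
check_join() {
    out=$1 want_domain=$2 want_zone=$3
    domain=$(printf '%s\n' "$out" | adinfo_field "Joined to domain")
    zone=$(printf '%s\n' "$out" | adinfo_field "Zone")
    mode=$(printf '%s\n' "$out" | adinfo_field "CentrifyDC mode")
    [ -n "$domain" ] || { echo "not joined to any domain"; return 1; }
    [ "$domain" = "$want_domain" ] || { echo "wrong domain: $domain"; return 2; }
    [ "$zone" = "$want_zone" ] || { echo "wrong zone: $zone"; return 3; }
    [ "$mode" = "connected" ] || { echo "agent mode is '$mode'"; return 4; }
    echo "ok: $domain zone $zone"
}

# On a joined host, replace "$SAMPLE_ADINFO" with "$(adinfo)".
check_join "$SAMPLE_ADINFO" corp.contoso.com corp.contoso.com/UNIX/Zones/HQ
```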

Install Centrify on SUSE1 using install.sh

1. Open PuTTY and connect to SUSE1.
2. Go to the /temp folder (or wherever you copied the Centrify agent files).
3. Decompress the tarball (elevate if necessary):
   tar xvfz centrify-suite-2013.3-suse9-x86_64.tgz
4. Run install.sh in interactive mode, select a custom installation, accept the
   DirectControl Agent, and select N for the rest of the options.
   How do you want to proceed? (E|S|X|C|Q) [E]:C
   Install the Centrify DirectControl 5.1.2 package? (Q|Y|N) [Y]:Y
5. When presented with the confirmation option, select Y.
   You chose Centrify Suite Custom Edition and entered the following:
   Install CentrifyDC 5.1.2 package: Y
   Install CentrifyDC-nis 5.1.2 package: N
   Install CentrifyDC-openssh 5.1.2 package: N
   Install CentrifyDC-ldapproxy 5.1.2 package: N
   Install CentrifyDA 3.1.1 package: N
   Express authentication mode : N
   Run adcheck : N
   Join an Active Directory domain : N
   If this information is correct and you want to proceed, type "Y".
   To change any information, type "N" and enter new information.
   Do you want to continue (Y) or re-enter information? (Q|Y|N) [Y]:Y

To join SUSE1 to AD, follow the instructions outlined for CEN1. Keep in mind that the adjoin
command is in /usr/sbin in case you don't have it in your path.

Install the Agent and Join AD on SOL1 using an unattended installation

1. Open PuTTY and connect to SOL1.
2. Go to the /temp folder (or wherever you copied the Centrify agent files).
   You may need to su to root or use Solaris roles to perform the following tasks.
3. Run tar to decompress the tarball:
   tar xvf centrify-suite-2013.3-sol9-x86.tar
4. Edit the following lines in the centrifydc-install.cfg file. Uncomment lines if
   necessary.
   ADJOIN="Y"
   DOMAIN="corp.contoso.com"
   USERID=jessie.matthews
   PASSWD=Jessie's or your user's password
   CONTAINER="OU=Servers,OU=UNIX"
   ZONE=HQ
   Comment out the following line (add a # in front of it):
   #CentrifyDC_openssh=
   This stops Centrify OpenSSH from being installed with the base package.
5. Save the file.
6. Run install.sh in non-interactive mode:
   ./install.sh -n
   At this point the script will run adcheck and read the unattended file. Some output:
   Joining the Active Directory domain corp.contoso.com ...
   Using domain controller: dc1.corp.contoso.com writable=true
   Join to domain:corp.contoso.com, zone:HQ successful
   Centrify DirectControl started.
   Initializing cache
   .
   You have successfully joined the Active Directory domain:
   corp.contoso.com
   in the Centrify DirectControl zone:
   CN=HQ,OU=Zones,OU=UNIX,DC=corp,DC=contoso,DC=com
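
The unattended file edited in step 4 holds the AD join password in cleartext. To clear it once the join has completed, the following added example (not part of the original lab or of Centrify's installer) blanks the active PASSWD line and restricts the file to its owner. scrub_join_password is a hypothetical helper, and the password value in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not Centrify code): blank the join password left in the
# unattended-install file. Assumes the KEY=value lines shown in the lab.

# scrub_join_password CFG
#   Returns 0 if a non-empty PASSWD was found and blanked,
#   1 if no password was set, 2 if CFG is missing or no temp file can be made.
scrub_join_password() {
    cfg=$1
    [ -f "$cfg" ] || return 2
    chmod 600 "$cfg"                         # owner-only, even if nothing changes
    tmp=$(mktemp "$cfg.XXXXXX") || return 2  # mktemp creates the file mode 0600
    rc=0
    awk '
        /^[ \t]*PASSWD=/ {
            v = $0
            sub(/^[ \t]*PASSWD=/, "", v)
            # An empty value, "" or two single quotes counts as "no password".
            if (v != "" && v != "\"\"" && v != "\047\047") found = 1
            print "PASSWD="
            next
        }
        { print }                            # commented-out lines pass through
        END { exit (found ? 0 : 1) }
    ' "$cfg" > "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        mv "$tmp" "$cfg"                     # replace the original with the scrubbed copy
    else
        rm -f "$tmp"
        rc=1
    fi
    return "$rc"
}

# Constructed demo: a few of the lab's settings with a placeholder password.
demo=$(mktemp -d)
printf '%s\n' 'ADJOIN="Y"' 'USERID=jessie.matthews' \
    'PASSWD=EXAMPLE-PLACEHOLDER' 'ZONE=HQ' > "$demo/centrifydc-install.cfg"
scrub_join_password "$demo/centrifydc-install.cfg" && echo "PASSWD cleared"
rm -rf "$demo"
```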

Verify the objects in Active Directory

Open ADUC and expand the corp.contoso.com domain, expand UNIX, then expand Servers.

1. Verify that the two new computer objects are present (refresh if necessary).
2. Right-click the CEN1 computer object, select Properties and go to the Operating System
   tab.

Notice that the OS type and version exhibit the proper version.

Add each system to their corresponding computer group

1. Open Access Manager and navigate to the Zones/HQ/Authorization/Computer Roles node.
2. Expand Database Servers, right-click Members and select Add Computer.
3. In the find box, type cen1; click on cen1 from the results box and press OK.
4. Expand Web Servers, right-click Members and select Add Computer.
5. In the find box, type suse1; click on suse1 from the results box and press OK.

Now that all the systems are joined to AD and properly categorized, we are ready to start working
with users and accessing systems.
