In this lab
- We will install the Centrify agent in CEN1 using RPM and join Active Directory manually
- We will install the Centrify agent in SUSE1 using install.sh in interactive mode and join Active Directory manually
- We will install the Centrify agent and join Active Directory on SOL1 using install.sh in unattended mode.
- We will use some of the tools and CLI commands included with the base agent.
Install Centrify on CEN1 using RPM
- Log in to CLIENT1 with Jessie Matthews (UNIX administrator) account.
- Open PuTTY and connect to CEN1
- Go to the /temp folder (or where you copied the Centrify agent files)
- Decompress the tarball (elevate if necessary)
tar xzvf centrify-suite-2013.3-rhel3-x86_64.tgz
- Use RPM to install the base agent centrifydc-5.1.2-rhel3-x86_64.rpm
rpm -Uvh centrifydc-5.1.2-rhel3-x86_64.rpm
- To verify that Centrify is installed, run the adinfo command and note the output:
$ adinfo
not joined any domain
Licensed Features: Enabled
The last line means that the agent can see a valid license in AD.
Join CEN1 to Active Directory
Information:
Domain to join: corp.contoso.com
Place to put the computer account: "OU=Servers,OU=UNIX"
Zone to join: HQ
User account that can join systems to the target container: jessie.matthews
Desirable command output: verbose
- Type the following command (requires elevation if you're not root):
sudo adjoin -z HQ -c "OU=Servers,OU=UNIX" -V -u jessie.matthews corp.contoso.com
- Type the sudo password and Jessie's AD password when prompted.
- To verify that the computer has joined successfully, type the adinfo command:
[centrifying@cen1 temp]$ adinfo
Local host name: cen1
Joined to domain: corp.contoso.com
Joined as: cen1.corp.contoso.com
Pre-win2K name: cen1
Current DC: dc1.corp.contoso.com
Preferred site: CorpHQ
Zone: corp.contoso.com/UNIX/Zones/HQ
CentrifyDC mode: connected
Licensed Features: Enabled
- Exit the PuTTY session.
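The adinfo check above can be scripted, which helps when several systems are joined or the install is unattended. The following is an added example, not part of the original post: adinfo_field and verify_join are hypothetical helper names, and the sample output is the adinfo text shown in this lab.

```shell
#!/bin/sh
# Added example, not from the original post: assert the join state that
# adinfo reports. The sample outputs below are copied from the lab text.

# adinfo_field LABEL: print the value of the "LABEL: value" line on stdin.
adinfo_field() {
    awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# verify_join DOMAIN ZONE: read adinfo output on stdin and succeed only if
# the host is joined to DOMAIN, sits in a zone named ZONE, and the agent
# reports connected mode. Each mismatch is reported on stdout.
verify_join() {
    out=$(cat) rc=0
    domain=$(printf '%s\n' "$out" | adinfo_field "Joined to domain")
    zone=$(printf '%s\n' "$out" | adinfo_field "Zone")
    mode=$(printf '%s\n' "$out" | adinfo_field "CentrifyDC mode")
    [ "$domain" = "$1" ] || { echo "domain is '${domain:-none}', want '$1'"; rc=1; }
    case $zone in
        */"$2") ;;   # zone path must end in /ZONE, e.g. .../Zones/HQ
        *) echo "zone is '${zone:-none}', want '$2'"; rc=1 ;;
    esac
    [ "$mode" = "connected" ] || { echo "mode is '${mode:-unknown}'"; rc=1; }
    return $rc
}

SAMPLE_JOINED='Local host name: cen1
Joined to domain: corp.contoso.com
Joined as: cen1.corp.contoso.com
Pre-win2K name: cen1
Current DC: dc1.corp.contoso.com
Preferred site: CorpHQ
Zone: corp.contoso.com/UNIX/Zones/HQ
CentrifyDC mode: connected
Licensed Features: Enabled'

SAMPLE_UNJOINED='not joined any domain
Licensed Features: Enabled'

# On a real host: adinfo | verify_join corp.contoso.com HQ
printf '%s\n' "$SAMPLE_JOINED" | verify_join corp.contoso.com HQ \
    && echo "cen1: join verified"
```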
Install Centrify on SUSE1 using install.sh
- Open PuTTY and connect to SUSE1
- Go to the /temp folder (or where you copied the Centrify agent files)
- Decompress the tarball (elevate if necessary)
tar xvfz centrify-suite-2013.3-suse9-x86_64.tgz
- Run install.sh in interactive mode, select a custom installation, accept the DirectControl Agent and select N for the rest of the options.
How do you want to proceed? (E|S|X|C|Q) [E]:C
Install the Centrify DirectControl 5.1.2 package? (Q|Y|N) [Y]:Y
- When presented with the confirmation option, select Y.
You chose Centrify Suite Custom Edition and entered the following:
Install CentrifyDC 5.1.2 package: Y
Install CentrifyDC-nis 5.1.2 package: N
Install CentrifyDC-openssh 5.1.2 package: N
Install CentrifyDC-ldapproxy 5.1.2 package: N
Install CentrifyDA 3.1.1 package: N
Express authentication mode : N
Run adcheck : N
Join an Active Directory domain : N
To change any information, type "N" and enter new information.
Do you want to continue (Y) or re-enter information? (Q|Y|N) [Y]:Y
To join SUSE1 to AD, follow the instructions outlined for CEN1. Keep in mind that the adjoin command is in /usr/sbin in case you don't have it in your path.
Install the Agent and Join AD on SOL1 using an unattended installation
- Open PuTTY and connect to SOL1
- Go to the /temp folder (or where you copied the Centrify agent files)
You may need to su to root or use Solaris roles to perform the following tasks.
- Run tar to decompress the tarball
tar xvf centrify-suite-2013.3-sol9-x86.tar
- Edit the following lines in the centrifydc-install.cfg file. Uncomment lines if necessary.
ADJOIN="Y"
DOMAIN="corp.contoso.com"
USERID=jessie.matthews
PASSWD=Jessie's or your user's password
CONTAINER="OU=Servers,OU=UNIX"
ZONE=HQ
- Comment out the following line (add a # in front of it)
#CentrifyDC_openssh=
This is to stop Centrify OpenSSH from being installed with the base package.
- Save the file.
- Run install.sh in non-interactive mode
./install.sh -n
Joining the Active Directory domain corp.contoso.com ...
Using domain controller: dc1.corp.contoso.com writable=true
Join to domain:corp.contoso.com, zone:HQ successful
Centrify DirectControl started.
Initializing cache
.
You have successfully joined the Active Directory domain: corp.contoso.com
in the Centrify DirectControl zone: CN=HQ,OU=Zones,OU=UNIX,DC=corp,DC=contoso,DC=com
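The unattended install above keeps the join account's password in clear text in centrifydc-install.cfg. The following added example (not from the original post or from Centrify) edits the file with owner-only permissions and blanks PASSWD afterwards; the helper names and the sample file contents are constructed, and it assumes install.sh accepts quoted values and that a POSIX awk and mktemp are available.

```shell
#!/bin/sh
# Added example, not from the original post; the sample cfg is constructed.
umask 077   # rewritten cfg and temp files are owner-only (mode 600)

# set_cfg FILE KEY VALUE: uncomment KEY if needed and set KEY="VALUE".
# The value is passed through the environment so that shell, sed and awk
# metacharacters in a password are written literally.
set_cfg() {
    CFG_KEY=$2 CFG_VAL=$3 awk '
        BEGIN { k = ENVIRON["CFG_KEY"]; v = ENVIRON["CFG_VAL"] }
        $0 ~ ("^#* *" k "=") { print k "=\"" v "\""; next }
        { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# comment_cfg FILE KEY: disable an active KEY= line by prefixing "#".
comment_cfg() {
    sed "s/^$2=/#$2=/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# scrub_passwd FILE: blank the join password once install.sh has finished.
scrub_passwd() { set_cfg "$1" PASSWD ""; }

# cfg_is_private FILE: succeed only if group and others have no access.
cfg_is_private() {
    case $(ls -l "$1") in -???------*) return 0 ;; *) return 1 ;; esac
}

# --- demonstration on a constructed sample file ---
WORK=$(mktemp -d) && CFG=$WORK/centrifydc-install.cfg
cat > "$CFG" <<'EOF'
#ADJOIN="N"
#DOMAIN="company.com"
#USERID=administrator
#PASSWD=
#CONTAINER="Computers"
#ZONE=
CentrifyDC_openssh=
EOF
set_cfg "$CFG" ADJOIN Y
set_cfg "$CFG" DOMAIN corp.contoso.com
set_cfg "$CFG" USERID jessie.matthews
set_cfg "$CFG" PASSWD 'PLACEHOLDER'   # real use: read from a no-echo prompt
set_cfg "$CFG" CONTAINER "OU=Servers,OU=UNIX"
set_cfg "$CFG" ZONE HQ
comment_cfg "$CFG" CentrifyDC_openssh
# ./install.sh -n would run here and read the file
scrub_passwd "$CFG"
cfg_is_private "$CFG" && echo "cfg is owner-only and PASSWD is blank"
```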
Verify the objects in Active Directory
- Open ADUC and expand the corp.contoso.com domain, expand UNIX, then expand Servers.
- Verify that the two new computer objects are present (refresh if necessary)
- Right-click the CEN1 computer object, select Properties and go to the Operating System tab.
Add each system to its corresponding computer group
- Open Access Manager and Navigate to the Zones/HQ/Authorization/Computer Roles node
- Expand Database Servers, right click Members and select Add Computer
- In the find box, type cen1; click on cen1 from the results box and press OK.
- Expand Web Servers, right click Members and select Add Computer
- In the find box, type suse1; click on suse1 from the results box and press OK
Now that all the systems are joined to AD and properly categorized, we are ready to start working with users and accessing systems.
Appendix
Installing Using a YUM Repository
http://centrifying.blogspot.com/2015/11/setting-up-simple-yum-repository-to.html
Installing Using a Simple Chef recipe
http://centrifying.blogspot.com/2015/11/deploy-centrify-and-join-active.html
Tools: Install.sh
http://centrifying.blogspot.com/2015/10/utilities-installsh.html