Installing the Verify Privilege Server Suite Agent for *NIX

The Centrify Agent must be installed on each UNIX or Linux computer you want to manage. After you have downloaded platform-specific agents for the operating systems you want to evaluate, you should make sure the software is on the physical or virtual UNIX or Linux computer you are using for the evaluation.

To install the agent package

  1. Log on to the UNIX or Linux computer with root privileges.

  2. Copy the Centrify Agent for *NIX package for the local operating system to the computer and change to that directory.

  3. Extract the contents of the package.

    For example, if you have a Red Hat Enterprise Linux based computer, you might enter the following:

    gunzip centrify-server-suite-<release>-rhel5-x86_64.tgz

  4. Expand the archive file.

    For example, if you have a Red Hat Enterprise Linux based computer, you might enter the following:

    tar -xvf centrify-server-suites-<release>-rhel5-x86_64.tar

  5. Run the install.sh script.

    For example, if you are running Red Hat Enterprise Linux you would enter the following:

    /bin/sh install.sh

  6. Follow the prompts displayed to check whether the local computer is ready for the installation.

    If there are errors, you must fix them before installing the software. Warning messages are informational, but do not prevent you from installing the software.

  7. Follow the prompts displayed using the following instructions:

Prompt Action
Do you want to run adcheck to verify your AD environment? Enter N to skip post-installation checks.
Join an Active Directory Domain? Enter N to join later.
Enable auditing on this computer (audit and monitoring service NSS mode)? Enter Y to enable auditing.
Do you want to continue (Y) or re-enter information? Enter Y to install the default packages.
Enable Linux Desktop auditing on this computer? Enter Y to enable Linux desktop auditing.

If you have more than one Linux or UNIX computers included in the evaluation, repeat Step 1 through Step 7 on each computer.

  1. Verify the installation by running the adinfo command at the UNIX command prompt.

    adinfo

    This command-line program displays information about the Linux or UNIX computer’s status in Active Directory. At this point, the output should show you that you are not joined, but Licensed Features are enabled.

Joining the Domain

You are now ready to use the adjoin command-line program to join the Linux or UNIX computer to the Active Directory domain you are using for evaluation.

The most basic syntax for the adjoin command is:

adjoin domain -z zone -u username

For more information about adjoin syntax and options, see the man page for the adjoin command.

To join an Active Directory domain from a Linux or UNIX computer

  1. Log on to the UNIX or Linux computer with root privileges.

  2. Run the adjoin command, specifying the domain, zone, and the account name for an Active Directory administrator with permission to join the domain.

  3. Enter the password for the Active Directory account used to join the domain.

  4. Verify the UNIX or Linux computer is joined to Active Directory by running the adinfo command.

    adinfo

    The output should look similar to the following:

    Local host name: my-eval
    Joined to domain: test.acme.com
    Joined as: my-eval.test.acme.com
    Pre-win2K name: my-eval
    Current DC: dc-mine.test.acme.com
    Preferred site: CA
    Zone: test.acme.com/acme/zones/HQ
    Last password set: 2020-08-14 11:24:32 PDT
    CentrifyDC mode: connected
    Licensed Features: Enabled

  5. Restart the Linux or UNIX computer.

    Restarting the computer is not required, but is recommended to ensure that all services are restarted.

Verifying your Progress in Access Manager

You now have a Verify Privilege Server Suite-managed computer. To see the computer in Access Manager, expand Zones > Headquarters > Computers. The Linux or UNIX computer is listed under the Computers node. The computer has successfully joined an Active Directory domain and is prepared for access control and privilege management. However, no Active Directory users can log on to the computer yet.