12 April,16 at 11:07 AM
Applies to: All versions of Centrify DirectControl-enabled OpenSSH.
Question:
Is it possible to customize the "banner" using Centrify GP when a Centrify user logins to a server using Centrify OpenSSH.
Answer:
Yes. The steps are as follows.
1) You need to enable the Microsoft Group Policy under Active directory “Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon: Message text for users attempting to log on". Customize the banner text here.
2) Set banner path under Centrify Group Policies.
Use the SSH Settings group policies to manage different aspects of secure shell (ssh) authentication. The SSH Settings group policies are defined in the
centrify_unix_settings.xml administrative template. When you set SSH Settings group policies, parameters are set in the secure shell configuration file, /etc/centrifydc/ssh/sshd_config, not in the Centrify DirectControl configuration file.
Name of the GP is "Set Banner Path":
Identify a file on the UNIX machine to be sent to a remote user requesting authentication. Typically, the file contains a warning about authentication to provide legal protection to the company. This group policy modifies the ssh.Banner setting in the /etc/centrifydc/ssh/sshd_config file.
3) Wait for GPs to get executed.
4) Login using SSH and see if banner is displayed.
KB-3925: How to add Centrify parameter to a group policy
Centrify 18.3 Release Notes
KB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)
Centrify 17.5 and 17.5 Hotfix Release Notes
KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS
Centrify 17.10 Release Notes
Centrify 18.5 Release Notes
Centrify 17.11 Release Notes
Centrify 18.4 Release Notes