KB-3282: How to configure a VPN interface to connect with Centrify for Mac OS X

Centrify Identity Service, Mac Edition

12 April,16 at 11:11 AM

Applies to: All versions of Centrify DirectControl on Mac OS X

Question:

A remote user is able to successfully connect to the domain over a VPN connection, but Centrify still reports that it is "Disconnected".
This means some actions, such as remote password updates, do not pass through correctly.

How can Centrify be configured to work with VPN connections?


Answer:

Because the VPN is now the primary interface used to connect to the domain, the "DNS" and "Search Domains" settings of the VPN must match those of the regular Ethernet or Wi-Fi interface that is normally used to connect to the domain while in the office:
  1. If in the office and the Mac normally connects to the domain over Ethernet, go to:
    • System Preferences > Network > (Select the Ethernet interface) > Advanced > DNS tab
    • (If Wi-Fi is normally used as the office connection, select the Wi-Fi interface instead)
  2. Make a note of the DNS Servers and Search Domains configured here (or ask the System Administrator for these settings).
  3. Exit back out and enter the VPN interface settings:
    • System Preferences > Network > select the VPN interface > Advanced > DNS tab
    • (If using third-party VPN software, go to the equivalent configuration settings for that software)
  4. Insert the DNS Servers and Search Domains into the corresponding fields.
  5. Apply the settings and connect the Mac using the VPN connection.
  6. After a few moments, either run the Terminal command adinfo, or refresh the view in:
    • System Preferences > Centrify > Welcome > Account Configuration
  7. It should now show: CentrifyDC mode: Connected
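
The comparison in steps 1 to 4 can also be made from Terminal. The script below is an added example, not part of the original article or Centrify's tooling; it uses the macOS networksetup command, and the service names passed to it ("Ethernet", "Corp VPN") are assumptions to replace with the names on your Mac.

```bash
#!/bin/bash
# Added example (not Centrify code). Usage: ./dns_match.sh "Ethernet" "Corp VPN"
# Service names are assumptions; list yours with: networksetup -listallnetworkservices

# Reduce networksetup output to a sorted, lower-cased, one-entry-per-line list.
# When nothing is set manually, networksetup prints a sentence starting
# "There aren't any ..." instead of a list; that sentence is treated as empty.
normalize() {
    printf '%s\n' "$1" | tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' -e "/^There aren't any/d" | tr '[:upper:]' '[:lower:]' | sort -u
}

# compare_lists OFFICE VPN: returns 0 = same entries (order ignored), 1 = different,
# 2 = office side reports no entries (e.g. supplied by DHCP), so get them from the admin.
compare_lists() {
    local office vpn
    office=$(normalize "$1")
    vpn=$(normalize "$2")
    [ -n "$office" ] || return 2
    [ "$office" = "$vpn" ] || return 1
    return 0
}

# Compare DNS servers and search domains of the two services; one line per setting.
check_services() {
    local office_svc="$1" vpn_svc="$2" kind rc status=0
    for kind in dnsservers searchdomains; do
        rc=0
        compare_lists "$(networksetup "-get$kind" "$office_svc")" \
                      "$(networksetup "-get$kind" "$vpn_svc")" || rc=$?
        case $rc in
            0) echo "$kind: match" ;;
            1) echo "$kind: MISMATCH between '$office_svc' and '$vpn_svc'"; status=1 ;;
            2) echo "$kind: none set manually on '$office_svc'"; status=1 ;;
        esac
    done
    return $status
}

# Run only on a Mac and only when two service names are given.
if [ "$#" -eq 2 ] && command -v networksetup >/dev/null 2>&1; then
    check_services "$1" "$2" || exit 1
    # Step 6 of the article: confirm the agent state once the VPN is connected.
    adinfo | grep -i 'CentrifyDC mode'
fi
```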

Notes:
  • Once the VPN is set up correctly, the user can update their password remotely using the steps in the following KB:
  • These network settings can also be pushed via Group Policy when the Centrify agent is running in Licensed Mode, but be aware that the GP will push the settings to the currently active interface and network location on the Mac and overwrite any existing settings:
    • Computer Configuration / Centrify Settings / Mac OS X Settings / Network / "Adjust list of DNS servers"
    • Computer Configuration / Centrify Settings / Mac OS X Settings / Network / "Adjust list of searched domains"
  • If the CentrifyDC mode still shows "Disconnected", check that the Active Directory ports are not blocked for remote connections:
  • To configure the Mac agent to use a specific set of DNS servers and bypass OS-specified values, see the following KB:
