Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8789: How to configure Centrify in order to show Caller computer name from Windows Event Log?

Authentication Service ,  

2 June,17 at 09:41 AM

Applies to: All version of Centrify DirectControl
How to configure Centrify in order to show Caller computer name from Windows Event Log?
Centrify supports marking the caller computer name when AD user trying to authenticate on Linux / UNIX machines. However, additional parameter has to be set in order to do that.
The parameters that is needed to be set at /etc/centrifydc/centrify.conf are the following: true
adclient.krb5.use.addresses: true

Please see the example below:
Before setting the parameter, Caller computer name is show empty from the Windows Event log:
 User-added image
AS_req packet has no address information as well:
 User-added image
Once we have set the parameter on the machine’s config file, Caller computer name successfully show up on both Windows Event log and network trace:
 User-added image
User-added image
NOTE: If you would like to deploy this settings to multiple Linux/UNIX machines, you can utilize the following Group Policy to deploy the parameter:
Computer configuration > Centrify Settings > DirectControl Settings > Add centrifydc.conf properties
Please set:
Property name: adclient.krb5.use.addresses
Property value: true

Property name:
Property value: true

After that, please run "adgpupdate" at the Linux/UNIX machines for immediate effect or wait for 90-120 minutes for the group policy to take effect.