2 June,17 at 09:41 AM
Applies to: All version of Centrify DirectControl
Question:
How to configure Centrify in order to show Caller computer name from Windows Event Log?
Workaround:
Centrify supports marking the caller computer name when AD user trying to authenticate on Linux / UNIX machines. However, additional parameter has to be set in order to do that.
The parameters that is needed to be set at /etc/centrifydc/centrify.conf are the following:
adclient.krb5.send.netbios.name: true
adclient.krb5.use.addresses: true
Please see the example below:
Before setting the parameter, Caller computer name is show empty from the Windows Event log:
AS_req packet has no address information as well:
Once we have set the parameter on the machine’s config file, Caller computer name successfully show up on both Windows Event log and network trace:
NOTE: If you would like to deploy this settings to multiple Linux/UNIX machines, you can utilize the following Group Policy to deploy the parameter:
Computer configuration > Centrify Settings > DirectControl Settings > Add centrifydc.conf properties
Please set:
Property name: adclient.krb5.use.addresses
Property value: true
Property name: adclient.krb5.send.netbios.name
Property value: true
After that, please run "adgpupdate" at the Linux/UNIX machines for immediate effect or wait for 90-120 minutes for the group policy to take effect.