11 April,19 at 11:51 AM
These days I see a lot more technical folks using Linux as their primary work desktop, especially in the Public Sector community since Centrify supports smart cards on Linux. However many of these customers are forgetting to configure these Linux desktops properly in terms of how they are licensed, and this ends up causing compliance problems when they run their License Reports. This is because by default, the adjoin command will join a Unix/Linux machine to Active Directory as a server, and therefore end up consuming a Centrify server license. To avoid this problem in the first place, the adjoin command has the “-t” option to specify the license type, with the parameter “workstation” used to represent a desktop.
The good news is that even if you didn’t set the license type correctly during the join, you can do it anytime with the adlicense command. You can use the “-h” option to display the help, and you’ll see the “-q” option to query the current license status. You can see these options in the screenshot below, where a CentOS 7 desktop has been misconfigured to use a server license.
You can also view a Unix/Linux machine’s License Type in Active Directory, by using the Microsoft Active Directory Users and Computers (ADUC) tool to view the properties of the computer object. If you have the Centrify ADUC extensions installed on your windows machine, then you can choose the Centrify Profile tab on the top, and you’ll see the License Type displayed.
If you don’t have the Centrify ADUC extensions, then you won’t have the Centrify Profile tab displayed, however you can still view the current License Type setting by choosing the Attribute Editor tab, and looking at the postalAddress attribute.
The reason you want this License Type attribute correctly set in your AD is because that is where the Centrify Licensing Report tool looks when it runs and calculates license compliance. For example, in the screenshot below from my lab, you can see that my Licensing Report found 4 Unix/Linux servers and 1 Unix/Linux Workstation. However in reality this Lab consists of 3 Linux Servers and 2 Linux desktops, so I need to fix this misconfiguration. BTW I’m using a temporary Evaluation key in this lab so that is why my report shows Zero (0) Licenses found, but that’s ok, since for now we are concerned with the total agent count and their corresponding type.
To fix this misconfiguration, I need to run the adlicense command from the CentOS machine that will be modified, and I’ll change the License Type from server to workstation using the command “adlicense -t workstation”. The adlicense command needs to be run with root privilege, so I’ll use Centrify’s dzdo command, which in my lab has been configured to require MFA.
After running this command, when I go back to ADUC and look at that computer object’s properties, the License Type has changed to workstation.
And now Centrify’s Licensing Report will correctly show that 2 of my Linux machine are desktops and will consume workstation licenses.