WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
57
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
PAGE 57
Joined as:
ComputerName
For more information about using the adinfo command, see "Confirm UNIX
Computer Membership in Active Directory" under "Performing Quick Validation
Tests" earlier in this guide.
2. Check log on process:
Ask a user to log on to a computer. Monitor the log on process to make sure that the
log on works and that the user does not experience any difficulty logging on.
3. Check log file:
Review the contents of the
/var/log/messages
file (or similar file) on the UNIX
computer. Check whether there are problems, or if a failure occurs.
4. If necessary, roll back:
If the join fails or log ons do not function correctly, you can run the leave Active
Directory (adleave) command to restore the UNIX computer to its previous state.
You can find information about the adleave command in the UNIX man page for
adleave(1). Resolve any issues, and then retry the adjoin command.
5. Perform additional tests described earlier in this guide:
Refer to the testing guidelines in "Performing Quick Validation Tests" in the section
"Developing the Solution" and to the guidelines in "Testing the DirectControl Solution"
in the section "Testing and Stabilizing Authentication and Authorization" earlier in this
guide to perform the following tests. Use the tests that are appropriate for your
deployment.
·
Confirming
Configuration of Users and Groups
·
Testing Workstation Authorization Policies
·
Testing Account Lockout Policies
·
Testing Password Management Policies
·
Testing Offline Authentication
·
Testing Additional Administrative Tasks
After the UNIX computers are stable, monitor them closely for the first few days. When
you are satisfied that Active Directory authentication and authorization are functioning as
expected, you can use DirectControl to enable Active Directory authentication for
additional services, such as Web applications. Refer to the Centrify documentation for
information about extending DirectControl to other services.
Major Milestone: Deployment Complete
Your deployment of the Centrify DirectControl solution to reach a stable the End State is
complete. At this point, the following capabilities are enabled:
·
Users can use their Active Directory credentials to log on to Windows, UNIX, or Linux
computers. The same user name and password can be used for all three types of
computers.
·
User information previously stored in one or more UNIX directory systems is now
imported into Active Directory and is now linked to a valid Active Directory account for
each user.
·
If you chose to import the user information previously stored in one or more UNIX
directories into DirectControl Zones, users can also log on to the UNIX and Linux
computers with their previous UNIX user name and their Active Directory password.
·
Authentication for a user session is provided by Active Directory and Kerberos.
·
Standard Kerberos is fully functional on the UNIX computers.
·
Kerberized UNIX applications can now use Kerberos tickets from Active Directory
and can support a single sign-on experience without requiring the user to re-enter a
user name and password.