Verify you can log in

If an administrator has installed the Centrify agent on a UNIX or Linux computer you use, the next step is to verify that you can log in successfully. The Centrify agent does not change how you log in to your computer. However, you must be assigned at least one role that allows you to log in.

When you are prompted for a user name and password, type your Active Directory or UNIX user name and your Active Directory password. If you provide valid credentials and have been assigned a role with permission to log in, you should be able to log in to your computer with a standard UNIX shell. If this is a computer you used earlier, before it became a Centrify-managed computer, there should be no noticeable changes to your working environment.

As a part of the deployment of Centrify software, your computer may or may not have been joined to a zone. To verify that the Centrify agent is installed, that you are connected to an Active Directory Domain, and that you are connected to a zone, run the adinfo command. For example, if you are a user named billy in a zone named KHeadquarters, your output may look similar to the following:

[billy@kh-rh Desktop]$ adinfo
Local host name:   kh-rh
Joined to domain:  demo.acme.com
Joined as:         kh-rh.demo.acme.com
Pre-win2K name:    kh-rh
Current DC:        deploy.acme.com
Preferred site:    Default-First-Site-Name
Zone:              demo.acme.com/Program Data/Centrify/Zones/KHeadquarters
CentrifyDC mode:   connected
Licensed Features: Enabled

To learn more about commonly used commands that may be available to you, see Commands available for users.

If the Centrify agent is installed but not connected to a zone, or if the agent is not installed on your local computer, you should contact your administrator.

If the zone information for the agent is configured, but the agent status is Disconnected, restart the agent.

To restart the agent type the following:

$ adclient -x
$ adclient

If the agent status is still Disconnected, contact your system administrator.

Multi-factor authentication

Your organization may require multi-factor authentication in order for you to log in to your computer, or to execute commands using elevated privileges (dzdo) in a normal or restricted shell (dzsh) environment.

If multi-factor authentication is required as part of the login process, you will have to provide a password as well as a second form of authentication to log in to your computer. If multi-factor authentication is required as part of a re-authentication process, such as when you use command rights with elevated privileges or in a restricted shell, you must provide a password and either one or two other forms of authentication other than a password.