On non-Windows computers, Centrify software consists of the core Centrify Agent (adclient), related libraries, and optional tools. The Centrify Agent enables the local host computer—most commonly a Linux or UNIX computer—to join an Active Directory domain.
When a Centrify-managed computer joins an Active Directory domain, it essentially becomes an Active Directory client and relies on Active Directory to provide authentication, authorization, policy management, and directory services. The interaction between the agent on the local computer and Active Directory is similar to the interaction between a Windows workstation and its Active Directory domain controller, including failover to a backup domain controller if the managed computer is unable to connect to its primary domain controller.
To use Microsoft Active Directory to centrally manage access across different platforms, you need to do the following:
- Prepare the Active Directory environment by installing the Centrify Access Manager console on at least one Windows computer and using the Setup Wizard to update the Active Directory forest.
- Ensure each UNIX, Linux, or Mac OS X computer can communicate with an appropriate Active Directory domain controller through DNS.
- Install the agent (adclient) on the UNIX, Linux, or Mac OS X computers that will be joining an Active Directory domain.
- Run the join command and specify the Active Directory domain on each UNIX, Linux, or Mac OS X computer that needs to join an Active Directory domain.
- Use Active Directory Users and Computers or Access Manager to authorize access to the UNIX, Linux, and Mac OS X computers for specific users and groups.
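The DNS prerequisite in the list above can be checked before running the join command. The script below is an added example, not Centrify tooling: it queries the SRV records that Active Directory domain controllers register and reports the preferred target for each. It assumes `dig` is installed for live use; `corp.example.com` and the sample answers are constructed.

```shell
#!/bin/sh
# Added example: pre-join DNS check. Hostnames and answers are constructed.

# SRV names that Active Directory domain controllers register in DNS.
srv_names() {
    printf '%s\n' "_ldap._tcp.dc._msdcs.$1" "_kerberos._tcp.$1"
}

# Read `dig +short SRV` answers ("priority weight port target.") on stdin and
# print "target port", lowest priority first, then highest weight (a
# simplification of SRV weighted selection). Malformed lines are dropped.
rank_srv() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             sub(/\.$/, "", $4); print $1, $2, $4, $3 }' |
        sort -k1,1n -k2,2nr | awk '{ print $3, $4 }'
}

# Constructed sample answers standing in for a resolver (not real hosts).
sample_lookup() {
    case $1 in
        _ldap._tcp.dc._msdcs.corp.example.com)
            printf '%s\n' '10 100 389 dc2.corp.example.com.' \
                          '0 100 389 dc1.corp.example.com.' ;;
        _kerberos._tcp.corp.example.com)
            printf '%s\n' '0 100 88 dc1.corp.example.com.' ;;
    esac
}

# Succeed only if every SRV name yields at least one usable target.
# $2 is the lookup command, so the check can also run offline.
check_domain() {
    domain=$1; lookup=${2:-"dig +short SRV"}; rc=0
    for name in $(srv_names "$domain"); do
        targets=$($lookup "$name" | rank_srv)
        if [ -z "$targets" ]; then
            echo "FAIL $name: no SRV records" >&2; rc=1
        else
            echo "OK   $name -> $(echo "$targets" | head -n 1)"
        fi
    done
    return "$rc"
}

# Live check (file name is illustrative): sh precheck.sh corp.example.com
if [ $# -gt 0 ]; then check_domain "$1"; fi
```

A non-zero exit means at least one SRV name returned no usable record, so the computer's resolver cannot yet locate a domain controller for that domain.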
The next sections provide a more detailed discussion of the Centrify architecture and a summary of what happens when a user logs on to a UNIX computer that has joined the Active Directory domain.