Resolving VPN access issues with Mac OS X 10.7 and later

Starting with Mac OS X 10.7, /etc/resolv.conf is no longer used for domain controller name resolution. Therefore, some VPN programs no longer update DNS server information in /etc/resolv.conf when signing on. On computers running Mac OS X 10.7 and later, this can result in the computer not being able to connect to a domain controller through a VPN.

To resolve this issue, explicitly specify in centrifydc.conf the location of DNS servers that are used to resolve domain controller names:

  1. Open /etc/centrifydc/centrifydc.conf for editing.
  2. Specify the IP addresses of DNS servers in the dns.servers parameter (if the parameter does not exist yet, create it now):
    dns.servers: x.x.x.x y.y.y.y

    where x.x.x.x y.y.y.y are the IP addresses of the DNS servers to use. This example shows two IP addresses; note that each IP address is separated by a space.

  3. Save your changes to centrifydc.conf.

  4. Restart the agent for the changes to take effect:

    sudo /usr/local/share/centrifydc/bin/centrifydc restart