joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a randomly generated password. Similar behavior to LAPS for Windows.
MIT License
383 stars 57 forks

Centrify compatibility #9

Closed Dtripo closed 4 years ago

Dtripo commented 6 years ago

Wanted to see if this application is compatible with the Centrify Mac client that is used to bind a Mac to AD.

I assume not, only because I have the application installed, but when I use macOSLAPS I get an error message of "Unable to connect to Active Directory" when my Centrify client shows that I am connected.

joshua-d-miller commented 6 years ago

Hello there,

I'm not too familiar with Centrify but I'm assuming they are using something other than the AD plugin built into macOS to connect to Active Directory which might be why we are seeing the error. I'll have to look into how Centrify binds to AD and if there are any ways to utilize their plugin with macOSLAPS.

ilikebigruts commented 6 years ago

Hi All,

I just thought I would throw in some info I got from Apple here. I stumbled across what I would call a bug with Apple's AD authentication process and reached out to Apple. To keep a long story short, part of the response I got back from Apple was...

"Generally, we are moving away from AD binding at an OS level longer term - It may be worth having a chat with the Apple Consultants Network around this but there are some third party options here..."

By third-party options I assume they meant products such as Centrify, so if this tool could be made to work with Centrify that would be awesome.

joshua-d-miller commented 6 years ago

So I'm not entirely sure how Centrify binds or doesn't bind to Active Directory but we would need to see how the Centrify plugin interacts with Active Directory so we could change the script accordingly. Once we have this piece in we can make a preference maybe called UseCentrify.

ChristusM commented 6 years ago

Any movement on Centrify support?

joshua-d-miller commented 5 years ago

@ChristusM:

Unfortunately, I have no way of testing this as I don't have Centrify. I'm assuming the device still technically binds to Active Directory with Centrify, so the password would technically still be stored the same way. I believe Centrify is just a way of binding the Mac to AD that is slightly different than traditional binding with macOS, right?

joshua-d-miller commented 4 years ago

@ChristusM,

I believe it seems that Centrify is moving away from macOS Active Directory integration, so this is unfortunately not planned, but if you'd like, you can fork the project and create the compatibility. I would gladly accept a pull request to add the integration.

Thanks!