Skip navigation

Centrify anyone using it?

3421 Views 6 Replies Latest reply: Mar 19, 2013 8:39 AM by SWRobinson RSS
rareapple Level 1 Level 1 (0 points)
Currently Being Moderated
Feb 21, 2011 10:56 AM
Hi All
Anyone out there actually extended their AD schema? Or are using Centrify?
I wanted to find out your experience, in either and if Centrify needs to have a client application installed on the machine for it to run.
Any feedback is really appreciated.
Cheers
iMac / MacPro/ MacBook Pro / MacBook / OS X Server, Mac OS X (10.6.6), Experience with Active Directory OUs/GPOs, Windows 2003/XP
  • Jarek Bingo MacGee Level 1 Level 1 (5 points)
    Currently Being Moderated
    Feb 22, 2011 1:11 PM (in response to rareapple)
    Centrify is OK if you are looking to integrate some Macs along with a lot of Linux or Unix machines, but really doesn't do anything more than Apple's built-in AD. Quest and Likewise are the same, basically using Apple's AD plugin, and relying on the Mac OS to support certain features.

    The biggest problem with them - in my opinion - is that you have to install stuff on your server. When I was migrating, I didn't want to change my AD at all, just bring my Macs into the fold.

    I use (and suggest to my clients) ADmitMac from Thursby, a replacement of both the Active Directory plugin and the SMB client. It's client side, so nothing has to be installed or changed on the DCs, and is the only client that I've found that supports DFS.

    ... and every time I've had to call support, I've talked to a live person.

    Just my $.02.
    Imac Core 2 Duo, Mac OS X (10.6.6)
  • tizz23 Calculating status...
    Currently Being Moderated
    Feb 22, 2011 1:45 PM (in response to rareapple)
    Centrify is an agent based technology, so yes you would install an agent on the Mac workstation. They are extending Kerberos out to the Mac which is how the authentication method is achieved. From a management perspective, you would install an MMC snap-in on the window admin console to administer controls via AD users & computers. The nice thing about their product is that there is no extension of the AD schema(labor intensive) and you don't have any additional software to install on your domain controllers.

    I know that they are the leader in this space... check out their product focused on the Macs: http://www.centrify.com/solutions/mac-os-desktop-management.asp
    Macbook Pro, Mac OS X (10.6.6)
  • Rperin Calculating status...
    Currently Being Moderated
    Feb 22, 2011 2:39 PM (in response to tizz23)
    Apple's own white paper on AD mentions Centrify, Likewise and Thursby as solutions
    http://www.seminars.apple.com/contactme/pdf/L334436BActiveDirectWP.pdf

    http://www.likewise.com/products/likewiseenterprise/grouppolicies-linux-unix-mac.php

    http://www.thursby.com/products/admitmac.html

    Which is the leader? Oldest? Most installs? Most ad spending?
    MBA, Mac OS X (10.6.6)
  • Centrify_Keith Calculating status...
    Currently Being Moderated
    Mar 2, 2011 2:48 PM (in response to Rperin)
    tizz23 was right on with his description of Centrify functionality. You can try out our free product, Centrify Express, here:

    http://www.centrify.com/express/free-active-directory-tools-for-linux-mac.asp

    On those pages you'll be able to find out all about Centrify Express and download it.

    If you want to know more about our software you'll find all kinds of information about it as well as demo and instructional videos to show you how it all works.

    -Keith Moreau
    Centrify Project Manager
    Mac Pro
  • Yvo van Doorn Level 2 Level 2 (245 points)
    Currently Being Moderated
    Mar 3, 2011 12:08 PM (in response to rareapple)
    Always find it odd to see three posts recommending a specific solution and having a post count of one. I am not going to make this an us versus them argument but I do work for Likewise and have been a long time apple user. OS X does provide it's own solution but it doesn't scale well in large situations, in part because Apple doesn't spend a lot of focus in this area and another because it uses an older version from a solution called Samba. In any case a lot of folks want something else. 

    All three solutions in Apple's doc takes care of the problem - which is integrating OS X with AD. All three bring different technologies to the table. Likewise Open, the open source solution does base authentication well. Likewise Enterprisr specifically can use Workgroup Manager and store policies in AD without modifying the schema or requiring OD. It is our unique offering allowing Mac admins be Mac admins without having to convince your AD guys to do something funny. 

    In summary - all solutions offer more functionality than Apples plugin but I'm not going to convince to go Likewise - I  instead encourage you to try the solutions you think will work best for you and your environment. 

    Regards,

    Yvo van Doorn
    MBP, Mac OS X (10.6)
  • SWRobinson Calculating status...
    Currently Being Moderated
    Mar 19, 2013 8:39 AM (in response to rareapple)

    I am not a Network guru, but I am managing a new implementation of Network, and GP for our company of 35 people.  We are primiarily a Mac shop, but also use VMWare for Windows on most of our Macs, and also have several Windows machines, and we use SQL.

     

    The one thing we discovered with Centrify for Mac is that it doesn't have all the same features as the Windows version does.  (Specifically, you can't open a helpdesk ticket directly from the App in Mac, but you can in the Windows version).  Our Mac users have to submit helpdesk support tickets through the URL instead.  Inconvenient, but not a show-stopper.

     

    The bigger issue we are having is as we migrate Macs into the GP for the first time, the Centrify App installs a new Mac Profile on the users machine.  A user who already has a user profile on his/her Mac with all of her preferences, etc, has to re-do everything in the new profile.  Very inconvenient.  We haven't yet found a work-around for this.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.