JSS reports Active Directory Status as "Not Bound" when bound using Centrify 5.2.4

@Field

It’s possible you may be running into an issue that we’re aware of.

With El Capitan, we had to move our binaries from /usr/sbin, as did everyone else, so the build of Centrify for El Capitan moved theirs to /usr/local/sbin/adjoin.
However, our binary still looks for it in /usr/sbin/adjoin and finds it ‘not installed’ because it’s looking in the wrong place.

If this is what you’re seeing, you’ll see the following in the jamf.log on an affected client:

Preparing to bind to AD using Centrify... 
Error: Centrify does not appear to be properly installed. (/usr/sbin/adjoin is missing)

If that error appears, it’s possible that you’re running into the issue we’re aware of (D-009723).

If you do see that error on El Capitan machines that aren’t binding to Centrify correctly, please get in touch with your Technical Account Manager so they can verify or rule out the possibility of D-009723 and get a case attached to it for tracking if necessary.

If that error does not appear in the jamf.log, something else may be going on, and it’d be a good idea to get in touch with your Technical Account Manager so we can help dig into it further.

Thanks!
Amanda Wulff
JAMF Software Support

Hi @amanda.wulff

Yeah it's probably related then if the recon command is looking in the old location as the only version affected is 5.2.4 which moves the binary.

I'll give our Technical Account Manager a shout as you suggest so it can be tracked.

Thanks

Hi @Field

Just wanted to confirm @amanda.wulff's statement - in Centrify Mac agent version 5.2.4 (and onwards), we moved everything that we used to place in /usr/... location to their corresponding locations under /usr/local/... .

This is to comply with El Capitan's new System Integrity Protection feature.

Once JSS is updated with the new path location, you should things go back to normal again.

Hope that helps and kind regards,
Brian

Disclosure: I work in the Support Team at Centrify.

Hi @Field & @amanda.wulff I realize this is an old thread, but I am just now encountering the same issue. How do I update the JSS to point to the new path location?

Hi @Gocobachi

I ended up creating an Extension attribute to report back whether the Mac was bound to the domain or not and then reported on that.

As far as i'm aware JAMF would need to update the location in their JSS release unless i'm mistaken, maybe @amanda.wulff could confirm?

When i noticed the problem we were on 9.81 and are now on 9.82 and problem still exists so hopefully will be fixed in a future release.

Might be worth checking out the current beta to see if its fixed in that release.

I've requested access to the beta so will stick on my test lab and post back if all is fixed.

We've created EA's for this stuff since JAMF is taking quite a long time to fix this.

Thanks all for the responses. @Field I will look at this reporting back extension you described...seems like that would be useful. By the way, what is the workflow that you have in place? I am currently writing up/test a custom script.

After further testing it appears that this is still not fixed in the current 9.9 beta.

Hopefully this will someday get fixed. I have not upgraded to 9.9x yet.

I wrote this a while back. I thought this thread would be perfect time to dust it off and post. Hopefully this helps people here until this is fixed.

https://github.com/franton/Centrify-AD-Bind