https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/149668#M24034 <P>hey,&nbsp;</P><P>&nbsp;</P><P>i think you have smth wrong with the Linux and AD part there, as for us, we can see clearly the machine (IP is showed on purpose) and the user (actually is the last user that logged on that machine).</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 807px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16745i501F651B2551E187/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>&nbsp;</P><P>also the pdp monitor on Linux Node:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 757px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16748i5C4B4BEC2A28907C/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>and on an windows node:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 757px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16747iAFA585C5A494DE2F/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>&nbsp;</P><P>Thank you,</P><P>PS: I don't get it why are you afraid in showing pictures of errors or whatever you consider being wrong, and blur whatever is unnecessary....</P> Sat, 28 May 2022 17:45:22 GMT Sorin_Gogean 2022-05-28T17:45:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/148991#M23847 <P>We have an AD and a working SSSD configuration for unix server. The identity awareness blade is configured via the collector and unfortunately (as far as I know) there is no agent for unix server.</P><P>If checking a specific server via "pdp monitor" every unix server has a domain controller as machine_name, which is obviously wrong.</P><P>Any hints on how to fix this?</P> Thu, 19 May 2022 09:55:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/148991#M23847 User1234 2022-05-19T09:55:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/149596#M24005 <P>As far as I know, Check Point Identity Collector is reading the Active Directory security logs just like the old AD Query did, but with a different (and more robust and scalable) approach.</P> <P>What I want to say: Have you checked the Active Directory security logs for log-in events from these unix servers? Do they look different, than the ones from Microsoft servers? If yes, do they have the needed and correct information in them?</P> <P>If the needed and correct information is there, but just the format is different, then Check Point could improve their Identity Collector code to support this scenario.</P> <P>If the security logs do not contain the correct information, than Check Point cannot do anything and you have to reconfigure (or even patch) SSSD to provide the correct information during authentication process so that the domain controllers have a chance to write usefull security logs.</P> <P>Sorry, I do not have access to such a setup at the moment to provide you with own findings, I just want to help you to get one step further in troubleshooting, when nobody from the community has answered after a week <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 27 May 2022 08:08:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/149596#M24005 Tobias_Moritz 2022-05-27T08:08:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/149668#M24034 <P>hey,&nbsp;</P><P>&nbsp;</P><P>i think you have smth wrong with the Linux and AD part there, as for us, we can see clearly the machine (IP is showed on purpose) and the user (actually is the last user that logged on that machine).</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 807px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16745i501F651B2551E187/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>&nbsp;</P><P>also the pdp monitor on Linux Node:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 757px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16748i5C4B4BEC2A28907C/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>and on an windows node:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 757px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16747iAFA585C5A494DE2F/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>&nbsp;</P><P>Thank you,</P><P>PS: I don't get it why are you afraid in showing pictures of errors or whatever you consider being wrong, and blur whatever is unnecessary....</P> Sat, 28 May 2022 17:45:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-with-AD-and-SSSD/m-p/149668#M24034 Sorin_Gogean 2022-05-28T17:45:22Z