topic Re: Identity Awareness forMacbook user? in Firewall and Security Management

Identity Awareness forMacbook user?

Cypress — Thu, 06 Apr 2023 20:46:00 GMT

Hello, all! We use Identity Collector in our environment (R81.10). Everything is working fine for most of our users, they are getting Identity assigned on the gateways, getting the AD Group info, and matching the appropriate rules, etc. These users are mostly all on Windows workstations. Now, we have a user on a Macbook that doesn't get Identity Awareness on the gateways... in the Logs it shows just their IP with no username, and in CLI on the gateway, if I do "pdp monitor ip x.x.x.x" it says "no information found for x.x.x.x."

So, basically no Identity Awareness for this user at all!

Now I know Identity Collector is an app that interfaces with Windows Active Directory via the Microsoft API, and I know this is a Macbook we're talking about... however, the help desk says this Macbook is joined to AD, and the user tells me they sign into the Macbook with their AD credentials. So with that being said, shouldn't this work? Or, because it's a Macbook, do the login events "look" different in AD somehow, and Identity Collector doesn't recognize those? Is there any work-around, or any ideas on what is going on?

Re: Identity Awareness forMacbook user?

Sorin_Gogean — Fri, 07 Apr 2023 07:10:09 GMT

Hello @Cypress ,

I can confirm the behavior you're seeing, as indeed we are not seeing any event from AD when some of our Users that are with MAC's are logging on their non-windows boxes.

I can see from Linux boxes, but not from MAC's , so I'll look around and see what I can find.

Thank you,

PS: could the Identity agent work (see sk63920)

Re: Identity Awareness forMacbook user?

Cypress — Fri, 07 Apr 2023 20:48:31 GMT

Thanks for looking into it. I will research into the agent, maybe we can put that on the small number of MAC users we have. The odd thing is, pretty sure this was working on AD Query. We switched from AD Query to Identity Collector last year (I imagine most Check Point users did the same!)

Re: Identity Awareness forMacbook user?

PhoneBoy — Sat, 08 Apr 2023 01:08:55 GMT

If Mac users generate the same event logs as Windows users, it should work.
You would have to check in the relevant Windows servers to see if the same events are there as for a Windows user.
If you can confirm the relevant events are there for Mac and they're not getting read correctly, I recommend a TAC case: https://help.checkpoint.com

Otherwise, you'll need to use other methods to acquire identities from Mac users (either Transparent Kerberos, Identity Collector, or Captive Portal).