https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117355#M21855 <P>Yes, to me it sounded logical, however out of the box it didn't worked. I am not very good in this subject hence the question if anyone has it working.</P> <P>&nbsp;</P> <P>My impression that linux would generate event with different ID, while ADQuery tracks only specific events</P> <P><SPAN>sk60501 -&nbsp;</SPAN>The necessary events are:</P> <UL> <LI>Windows 2003 servers: 672, 673, 674</LI> <LI>Windows 2008 servers: 4624, 4768, 4769, 4770.</LI> <LI>Windows 2012 servers:&nbsp;4624*, 4768*, 4769*, 4770*</LI> </UL> <P>&nbsp;</P> Fri, 30 Apr 2021 13:18:52 GMT abihsot__ 2021-04-30T13:18:52Z https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117313#M21851 <P>Hello,</P> <P>&nbsp;</P> <P>Does anyone have such setup, where user authenticates to linux machine with AD credentials and identities are picked up by ADQuery?</P> <P>&nbsp;</P> Fri, 30 Apr 2021 07:01:29 GMT https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117313#M21851 abihsot__ 2021-04-30T07:01:29Z https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117352#M21853 <P>Logically this should work the same as a Windows machine. If your Linux machines are authenticating to AD, ADQ is a registered DCOM connection from the GW's participating in IA to your AD servers. It has nothing to do with linux. Via that DCOM connection AD will push all logins/logouts to your GW to compile the local database to match against the access role you would use in policy.&nbsp;</P> <P>&nbsp;</P> <P>This should be explained further in&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk60301#How%20AD%20Query%20(ADQ)%20works" target="_self"><SPAN>sk60301</SPAN></A>&nbsp;</P> Fri, 30 Apr 2021 12:54:15 GMT https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117352#M21853 Mike_A 2021-04-30T12:54:15Z https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117355#M21855 <P>Yes, to me it sounded logical, however out of the box it didn't worked. I am not very good in this subject hence the question if anyone has it working.</P> <P>&nbsp;</P> <P>My impression that linux would generate event with different ID, while ADQuery tracks only specific events</P> <P><SPAN>sk60501 -&nbsp;</SPAN>The necessary events are:</P> <UL> <LI>Windows 2003 servers: 672, 673, 674</LI> <LI>Windows 2008 servers: 4624, 4768, 4769, 4770.</LI> <LI>Windows 2012 servers:&nbsp;4624*, 4768*, 4769*, 4770*</LI> </UL> <P>&nbsp;</P> Fri, 30 Apr 2021 13:18:52 GMT https://community.checkpoint.com/t5/General-Topics/linux-authetication-and-ADQuery/m-p/117355#M21855 abihsot__ 2021-04-30T13:18:52Z