Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

identity awareness terminal server in r80.20

hello.
i have url filtering in checkpoint and it filters trafiс with username , i've activated identity awareness with AD query and it is working normaly for computers , but i have terminal server , where many users are connected . i've installed terminal agent soft and in checkpoint side i 've activated terminal server with shared secret in identyti awareness, when i try to connect from terminal server agent  it stay disconected and in logs  it says that domain cannot find .  if i delate shared secret from terminal agent then it is conected , but in checkpoint log , the trafic is droped bacause no shared secret.
plaese help 

0 Kudos
6 Replies
Highlighted
Admin
Admin

The actual error messages you are encountering would be helpful as would the version of the MUH agent.
Also possible this SK may help: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Highlighted
Nickel

i changed Muh agent and installed a new version , but the problem is same .
in log of checkpoint there is this messige :
Failed to get users groups for domain. verify that this domain name configured in your LDAP Account Unit.
Domain: "example.com"
But we have this domain: "corp.example.com" and in log is only "example.com" . i think this is reason why it doesnot work.
I don't know , where does it see this domains , when i everyware used "corp.example.com"

0 Kudos
Highlighted
Admin
Admin

@Royi_Priov what do you think?

0 Kudos
Highlighted
Employee+
Employee+

Hi,

The domain is taken from the user authentication done on the TS machine.

We can on one hand try with the environment variable "ALL_AUS_GRP=1" to force PDP to try and look the user in all LDAP account units, but I prefer you to open ticket with TAC to get this investigated properly.

 

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Highlighted

hi,

 

i have also problem with TS-Agent. 

Management is on R80.20 Take 47 and GW is R77.30 Take 345.

i have installed version R80.180.0000, but same error with R77.30 Agent.

debug of pdpd.elg:

 

Found AU: DOMAINNAME__AD for domain: DOMAINNAME [ 9894 4100249280]@bill02[29 May 14:55:20] au_realm_fetchuser_by_domain: Error: Domain DOMAINNAME exists but not used by Realm identity_agent

 

ADquery is working without Problems, so LDAP-AccountUnit seems to be setup correctly.

 

any ideas?

0 Kudos
Highlighted
Nickel

hello .
I've solved this  problem . solution is here. (sk87200 )

 

Thanks everyone, I am very happy. 😄 

0 Kudos