Claudio_Bartoli
Explorer

Established VPN connection via Endpoint Security makes me unable to log in on OS X

Hi all,

I'm facing a very strange behaviour using Endpoint Security E80.89 on OS X High Sierra 10.13.6.

When I'm connected to the VPN I'm unable to log in to my own computer in different ways:

Command Line

Simply opening the Terminal app on my Mac, bash does not start normally.

The terminal says:

Login incorrect

login: 

I work a lot with terminals, and I would like to be able to open a bash terminal under any conditions :)

Login Page

If I lock the screen, to get a coffee for example, I'm unable to log in to my computer again.

The only way that I found is to cut the power in a very unsafe way.

Is anyone facing the same behaviour, and can I work around this?

It's really annoying.

Claudio

G_W_Albrecht
Legend

I have never heard of such an issue - what about the User Accounts on the Mac?

CCSE CCTE SMB Specialist
Claudio_Bartoli
Explorer

The Mac is on an Active Directory domain and the user is an LDAP user.

User has admin rights locally on the machine.

G_W_Albrecht
Legend

I would suggest involving TAC here!

CCSE CCTE SMB Specialist
PhoneBoy
Admin

I ran into this problem a while back and was able to resolve it.

I don't remember exactly what I did to resolve it, but you might try some of the suggestions here: Mac OS X Terminal not logging in - Super User 

Claudio_Bartoli
Explorer

I'm not sure it's the same thing.

My issue is not limited to the terminal but involves the whole OS!

If I lock my user while the VPN connection is established, I'm out and I'm not able to connect again.

With the VPN disconnected, both OS X login and Terminal work as expected.

With the VPN connected, I'm unable to start a new terminal or to log in again to an open OS X session.

PhoneBoy
Admin

As Gunther suggested earlier, a TAC case is probably in order then.

How To Open a Case with TAC and/or Account Services

Claudio_Bartoli
Explorer

I do not have a direct support agreement with Check Point.

A customer gave me a Check Point VPN, but it is quite impossible to involve them to make a TAC request on my behalf.

PhoneBoy
Admin

The VPN client on the Mac is meant for endpoints managed by the organization.

It includes (among other things) a desktop firewall, which may be partially responsible for what's happening.

The SNX client with Mobile Access Blade might be better for your use case.

However, your customer would need to have this configured.

Claudio_Bartoli
Explorer

I have finally resolved my issue.

I figured out that OS X queries the LDAP server on every single login, without any kind of caching by default.

In my case I was on an iMac with Ethernet connectivity.

To enable the LDAP cache feature, the OS X account must be a Mobile Account.
https://community.spiceworks.com/topic/103386-active-directory-user-login-in-macosx

Maybe the active VPN makes the system unable to figure out which is the domain controller (maybe the main cause could be the default DNS suffix rewrite?)

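One way to check whether an account has the cached credentials described in the last post, as an added example that is not part of the original thread. It classifies the output of `dscl . -read /Users/<name> AuthenticationAuthority`, on the assumption that a Mobile Account's local record carries a `LocalCachedUser` entry; the sample records, domain and user name are constructed.

```shell
#!/bin/sh
# Added example: decide from dscl output whether a macOS account can log in
# without reaching the directory server (i.e. is a Mobile Account).

# classify_account reads dscl output on stdin and prints one of:
#   mobile        local record with a LocalCachedUser entry (cached AD login)
#   local         local record with no directory-cache entry
#   network-only  no local record: every login must query the directory
classify_account() {
    out=$(cat)
    case "$out" in
        *";LocalCachedUser;"*)        echo "mobile" ;;
        *"AuthenticationAuthority:"*) echo "local" ;;
        *)                            echo "network-only" ;;
    esac
}

# Constructed sample outputs (domain, user and GUID are placeholders).
SAMPLE_MOBILE='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2> ;LocalCachedUser;/Active Directory/EXAMPLE/example.test:jdoe:00000000-0000-0000-0000-000000000000'
SAMPLE_LOCAL='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_NETWORK=''

# check_user runs the real query; dscl exists only on macOS.
# A failed lookup (no local record) yields empty input -> "network-only".
check_user() {
    user=$1
    if command -v dscl >/dev/null 2>&1; then
        dscl . -read "/Users/$user" AuthenticationAuthority 2>/dev/null \
            | classify_account
    else
        echo "dscl not found (not macOS)" >&2
        return 2
    fi
}

# Usage: sh script.sh <short user name>
if [ -n "${1:-}" ]; then
    check_user "$1"
fi
```

An account reported as `network-only` depends on the domain controller being reachable at every unlock, which matches the lockout described in the thread while the VPN was connected.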