Established VPN connection via Endpoint Security makes me unable to log in on OS X

Hi all,

I'm facing a very strange behaviour using Endpoint Security E80.89 on OS X High Sierra 10.13.6.

When I'm connected to the VPN, I'm unable to log in to my own computer in different ways:

Command Line

Simply opening the Terminal app on my Mac, bash does not start normally.

The terminal says:

Login incorrect

login: 

I work a lot with terminals, and I would like to open any bash terminal in any conditions :)

Login Page

If I lock the screen, to get a coffee for example, I'm unable to log in to my computer again.

The only way that I found is to cut the power in a very unsafe way.

Is anyone facing the same behaviour, and can I work around this?

It's really annoying

Claudio

0 Kudos
9 Replies
Champion

I have never heard of such an issue. What about the user accounts on the Mac?

0 Kudos

The Mac is on an Active Directory domain and the user is an LDAP user.

User has admin rights locally on the machine.

0 Kudos
Champion

I would suggest involving TAC here!

0 Kudos
Admin

I ran into this problem a while back and was able to resolve it.

I don't remember exactly what I did to resolve it, but you might try some of the suggestions here: Mac OS X Terminal not logging in - Super User 

0 Kudos

I'm not sure it's the same thing.

My issue is not limited to the terminal but involves the whole OS!

If I lock my user while the VPN connection is established, I'm out and I'm not able to connect again.

With VPN disconnected, both OS X login and Terminal work as expected.

With VPN connected, I'm unable to start a new terminal or to log back in to an open OS X session.

0 Kudos
Admin

As Gunther suggested earlier, a TAC case is probably in order then.

How To Open a Case with TAC and/or Account Services

0 Kudos

I do not have a direct support agreement with Check Point.

A customer gave me a Check Point VPN, but it is quite impossible to get them to make a TAC request on my behalf.

0 Kudos
Admin

The VPN client on the Mac is meant for endpoints managed by the organization.

It includes (among other things) a desktop firewall, which may be partially responsible for what's happening.

The SNX client with Mobile Access Blade might be better for your use case.

However, your customer would need to have this configured.

0 Kudos

I have finally resolved my issue.

I figured out that OS X queries the LDAP server on every single login, without any kind of caching by default.

In my case I was on an iMac with Ethernet connectivity.

To enable the LDAP cache feature, the OS X account must be a Mobile Account.
https://community.spiceworks.com/topic/103386-active-directory-user-login-in-macosx

Maybe the active VPN makes the system unable to figure out which is the domain controller (maybe the main cause could be the default DNS suffix rewrite?)

0 Kudos
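
The check behind the resolution above, as an added example that is not part of the original thread: it reads an account's `AuthenticationAuthority` attribute from the local directory node and reports whether the account is a Mobile Account (credentials cached locally), a plain local account, or a network-only account that needs the directory server at every login. The function names and the two sample values are constructed for illustration; `dscl` and `dsconfigad` are the standard macOS tools.

```shell
#!/bin/sh
# Added example: classify a macOS account from its AuthenticationAuthority attribute.

# Constructed sample values (user, domain and GUID are placeholders).
SAMPLE_MOBILE='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2> ;LocalCachedUser;/Active Directory/EXAMPLE/example.com:jdoe:00000000-0000-0000-0000-000000000000'
SAMPLE_LOCAL='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# classify_account TEXT -> mobile | local | network-only
classify_account() {
    case "$1" in
        *";LocalCachedUser;"*) echo "mobile" ;;        # cached copy of a directory account
        "")                    echo "network-only" ;;  # no record in the local node
        *)                     echo "local" ;;         # ordinary local account
    esac
}

# check_user NAME: read the attribute from the local directory node only.
# A directory account that was never cached has no record there, so dscl fails.
check_user() {
    aa=$(dscl . -read "/Users/$1" AuthenticationAuthority 2>/dev/null) || aa=""
    classify_account "$aa"
}

# Only query the real directory when run on a Mac.
if command -v dscl >/dev/null 2>&1; then
    user="${1:-$(id -un)}"
    kind=$(check_user "$user")
    echo "$user: $kind"
    if [ "$kind" = "network-only" ]; then
        echo "Login needs a reachable domain controller every time."
        echo "Check the AD plugin with: dsconfigad -show"
        echo "Enable mobile accounts with: sudo dsconfigad -mobile enable"
    fi
fi
```

Run it before connecting the VPN; a result of `mobile` means the account can unlock the screen and open a login shell from the local cache even when the domain controller cannot be reached.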