Hi all,
I'm facing a very strange behaviour using Endpoint Security E80.89 on OS X High Sierra 10.13.6.
When I'm connected to the VPN I'm unable to log in on my own computer in different ways:
Command Line
Simply opening the Terminal app on my Mac, bash does not start normally.
The terminal says:
Login incorrect
login:
I work a lot with terminals, and I would like to open any bash terminal in any conditions.
Login Page
If I lock the screen, to get a coffee for example, I'm unable to log in again to my computer.
The only way that I found is to cut the power in a very unsafe way.
Is anyone facing the same behaviour, and can I work around this?
It's really annoying.
Claudio
I have never heard of such an issue - what about the User Accounts on the Mac?
The Mac is on an Active Directory domain and the user is an LDAP user.
The user has admin rights locally on the machine.
I would suggest involving TAC here!
I ran into this problem a while back and was able to resolve it.
I don't remember exactly what I did to resolve it, but you might try some of the suggestions here: Mac OS X Terminal not logging in - Super User
I'm not sure it's the same thing.
My issue is not limited to the terminal but involves the whole OS!
If I lock my user while the VPN connection is established I'm out and I'm not able to connect again.
With the VPN disconnected, both OS X login and Terminal work as expected.
With the VPN connected I'm unable to start a new terminal or re-login to an open OS X session.
As Gunther suggested earlier, a TAC case is probably in order then.
I do not have a direct support agreement with Check Point.
A customer gave me a Check Point VPN, but it is quite impossible to involve them to make a TAC request on my behalf.
The VPN client on the Mac is meant for endpoints managed by the organization.
It includes (among other things) a desktop firewall, which may be partially responsible for what's happening.
The SNX client with Mobile Access Blade might be better for your use case.
However, your customer would need to have this configured.
I have finally resolved my issue.
I figured out that OS X queries the LDAP server on every single login, without any kind of caching, by default.
In my case I was on an iMac with Ethernet connectivity.
To enable the LDAP cache feature, the OS X account must be a Mobile Account.
https://community.spiceworks.com/topic/103386-active-directory-user-login-in-macosx
Maybe the active VPN makes the system unable to figure out which is the domain controller (maybe the main cause could be the default DNS suffix rewrite?)