Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Cypress
Contributor

Identity Awareness forMacbook user?

Hello, all!  We use Identity Collector in our environment (R81.10).  Everything is working fine for most of our users, they are getting Identity assigned on the gateways, getting the AD Group info, and matching the appropriate rules, etc.  These users are mostly all on Windows workstations.  Now, we have a user on a Macbook that doesn't get Identity Awareness on the gateways... in the Logs it shows just their IP with no username, and in CLI on the gateway, if I do "pdp monitor ip x.x.x.x" it says "no information found for x.x.x.x."

So, basically no Identity Awareness for this user at all!

Now I know Identity Collector is an app that interfaces with Windows Active Directory via the Microsoft API, and I know this is a Macbook we're talking about... however, the help desk says this Macbook is joined to AD, and the user tells me they sign into the Macbook with their AD credentials.  So with that being said, shouldn't this work?  Or, because it's a Macbook, do the login events "look" different in AD somehow, and Identity Collector doesn't recognize those?  Is there any work-around, or any ideas on what is going on?

0 Kudos
3 Replies
Sorin_Gogean
Advisor

Hello @Cypress ,

 

I can confirm the behavior you're seeing, as indeed we are not seeing any event from AD when some of our Users that are with MAC's are logging on their non-windows boxes.

I can see from Linux boxes, but not from MAC's , so I'll look around and see what I can find.

 

Thank you,

PS: could the Identity agent work (see sk63920)

0 Kudos
Cypress
Contributor

Thanks for looking into it.  I will research into the agent, maybe we can put that on the small number of MAC users we have.  The odd thing is, pretty sure this was working on AD Query.  We switched from AD Query to Identity Collector last year (I imagine most Check Point users did the same!)

0 Kudos
PhoneBoy
Admin
Admin

If Mac users generate the same event logs as Windows users, it should work.
You would have to check in the relevant Windows servers to see if the same events are there as for a Windows user.
If you can confirm the relevant events are there for Mac and they're not getting read correctly, I recommend a TAC case: https://help.checkpoint.com

Otherwise, you'll need to use other methods to acquire identities from Mac users (either Transparent Kerberos, Identity Collector, or Captive Portal).

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events