We have an AD and a working SSSD configuration for Unix servers. The Identity Awareness blade is configured via the collector and unfortunately (as far as I know) there is no agent for Unix servers.
If checking a specific server via "pdp monitor", every Unix server has a domain controller as machine_name, which is obviously wrong.
Any hints on how to fix this?
As far as I know, Check Point Identity Collector is reading the Active Directory security logs just like the old AD Query did, but with a different (and more robust and scalable) approach.
What I want to say: Have you checked the Active Directory security logs for log-in events from these Unix servers? Do they look different from the ones from Microsoft servers? If yes, do they have the needed and correct information in them?
If the needed and correct information is there, but just the format is different, then Check Point could improve their Identity Collector code to support this scenario.
If the security logs do not contain the correct information, then Check Point cannot do anything and you have to reconfigure (or even patch) SSSD to provide the correct information during the authentication process so that the domain controllers have a chance to write useful security logs.
Sorry, I do not have access to such a setup at the moment to provide you with my own findings, I just want to help you to get one step further in troubleshooting, when nobody from the community has answered after a week 🙂
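One way to run the comparison suggested in the reply above, as an added example that is not part of the original thread: export the domain controller's Security log as XML under a single root element and list which identity fields the events from a given client IP carry. The event IDs (4624 logon, 4768 Kerberos TGT request), the sample events, and all host names and IPs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVT = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'

# Constructed sample export (not from the thread): one interactive logon from a
# Windows client and one Kerberos TGT request from a Unix host. Names and IPs
# are placeholders.
SAMPLE = f"""<Events>
{EVT}<System><EventID>4624</EventID><Computer>dc01.example.test</Computer></System>
<EventData>
  <Data Name="TargetUserName">alice</Data>
  <Data Name="WorkstationName">WIN10-01</Data>
  <Data Name="IpAddress">192.0.2.20</Data>
</EventData></Event>
{EVT}<System><EventID>4768</EventID><Computer>dc01.example.test</Computer></System>
<EventData>
  <Data Name="TargetUserName">bob</Data>
  <Data Name="ServiceName">krbtgt</Data>
  <Data Name="IpAddress">::ffff:192.0.2.30</Data>
</EventData></Event>
</Events>"""


def logon_events_from(xml_text, client_ip):
    """Return the identity fields of every event whose source IP is client_ip."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        ip = data.get("IpAddress", "")
        if ip.startswith("::ffff:"):        # IPv4-mapped form used in Kerberos events
            ip = ip[len("::ffff:"):]
        if ip != client_ip:
            continue
        rows.append({
            "event_id": int(ev.findtext("e:System/e:EventID", namespaces=NS)),
            "logged_by": ev.findtext("e:System/e:Computer", namespaces=NS),
            "user": data.get("TargetUserName", ""),
            # None means the event carries no client machine name at all
            "workstation": data.get("WorkstationName") or None,
            "source_ip": ip,
        })
    return rows


if __name__ == "__main__":
    for ip in ("192.0.2.20", "192.0.2.30"):
        for row in logon_events_from(SAMPLE, ip):
            print(row)
```

In the constructed data the Windows logon carries a workstation name while the Kerberos event from the Unix host carries only a user and a source IP; running the same function over a real export shows which of the two cases applies in your environment.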
Hey,
I think you have something wrong with the Linux and AD part there, as for us, we can see clearly the machine (IP is shown on purpose) and the user (actually it is the last user that logged on to that machine).
Also the pdp monitor on a Linux node:
and on a Windows node:
Thank you,
PS: I don't get why you are afraid of showing pictures of errors or whatever you consider to be wrong, and blurring whatever is unnecessary....