This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
User1234
Contributor
‎2022-05-19 02:55 AM

Identity Awareness with AD and SSSD

We have an AD and a working SSSD configuration for unix server. The identity awareness blade is configured via the collector and unfortunately (as far as I know) there is no agent for unix server.

If checking a specific server via "pdp monitor" every unix server has a domain controller as machine_name, which is obviously wrong.

Any hints on how to fix this?

Labels
0 Kudos
2 Replies
Tobias_Moritz
Advisor
‎2022-05-27 01:08 AM

As far as I know, Check Point Identity Collector is reading the Active Directory security logs just like the old AD Query did, but with a different (and more robust and scalable) approach.

What I want to say: Have you checked the Active Directory security logs for log-in events from these unix servers? Do they look different, than the ones from Microsoft servers? If yes, do they have the needed and correct information in them?

If the needed and correct information is there, but just the format is different, then Check Point could improve their Identity Collector code to support this scenario.

If the security logs do not contain the correct information, than Check Point cannot do anything and you have to reconfigure (or even patch) SSSD to provide the correct information during authentication process so that the domain controllers have a chance to write usefull security logs.

Sorry, I do not have access to such a setup at the moment to provide you with own findings, I just want to help you to get one step further in troubleshooting, when nobody from the community has answered after a week 🙂

0 Kudos
Sorin_Gogean
Advisor
‎2022-05-28 10:43 AM

hey, 

 

i think you have smth wrong with the Linux and AD part there, as for us, we can see clearly the machine (IP is showed on purpose) and the user (actually is the last user that logged on that machine).

Untitled.png

 

also the pdp monitor on Linux Node:

Untitled.png

and on an windows node:

Untitled.png

 

Thank you,

PS: I don't get it why are you afraid in showing pictures of errors or whatever you consider being wrong, and blur whatever is unnecessary....

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events