User1234
Contributor

Identity Awareness with AD and SSSD

We have an AD and a working SSSD configuration for Unix servers. The Identity Awareness blade is configured via the collector and unfortunately (as far as I know) there is no agent for Unix servers.

When checking a specific server via "pdp monitor", every Unix server has a domain controller as machine_name, which is obviously wrong.

Any hints on how to fix this?

0 Kudos
2 Replies
Tobias_Moritz
Advisor

As far as I know, Check Point Identity Collector is reading the Active Directory security logs just like the old AD Query did, but with a different (and more robust and scalable) approach.

What I want to say: Have you checked the Active Directory security logs for log-in events from these Unix servers? Do they look different from the ones from Microsoft servers? If yes, do they have the needed and correct information in them?

If the needed and correct information is there, but just the format is different, then Check Point could improve their Identity Collector code to support this scenario.

If the security logs do not contain the correct information, then Check Point cannot do anything and you have to reconfigure (or even patch) SSSD to provide the correct information during the authentication process so that the domain controllers have a chance to write useful security logs.

Sorry, I do not have access to such a setup at the moment to provide you with my own findings. I just want to help you get one step further in troubleshooting, since nobody from the community has answered after a week 🙂

0 Kudos
Sorin_Gogean
Advisor

Hey,

I think you have something wrong with the Linux and AD part there, as for us, we can clearly see the machine (IP is shown on purpose) and the user (actually it is the last user that logged on to that machine).

Untitled.png

 

also the pdp monitor on Linux Node:

Untitled.png

and on a Windows node:

Untitled.png

 

Thank you,

PS: I don't get why you are afraid of showing pictures of errors or whatever you consider to be wrong, and blur whatever is unnecessary....

0 Kudos
