You are correct, I am trying to move from the Windows install, to the virtual appliance. And I was trying to make sure that the Virtual Appliance was configured correctly. I've tried following the instructions from the knowledge base I could find to make sure I had not missed a configuration step. as I found articles for Lightweight Directory Access Protocol (LDAP), Apache Tomcat, MySQL.
https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?configure_ldaps_connection_to_a_domain.html
https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?enable_apache_http_proxy.html
https://help.eset.com/protect_install/10.0/en-US/?mysql_configuration.html
I'm not seeing a knowledge base article regarding what a policy rule relies on in order to make the field resolve user|group names.
I was under the impression that the policy rules would be using the database to resolve objectSID to a name|group name. But then I thought maybe it is using ldap "SID Binding" to resolve the objectSID. However, it sounds like there is a component that relies on the host operating system's ability to translate the objectSID. Which is pure speculation on my part, because I'm not a developer for any of the components.
So, I am wondering is there an ESET Knowledge article configuration file that has to be set in order to tell the ESET a component, what the host OS uses for identity management to resolve the objectSID? If it indeed relies on the host OS identity management?
I'm able to resolve objectSID to username using wbinfo -s <objectSID>
Part of me thought maybe thought it could have been something to do with samba|smb seeing as it is listed as a prerequisite. because wbinfo -g, wbinfo -u, and wbinfo -p all work, per the help-with-domain.txt located in the Virtual Appliance.
here's and excerpt from help-with-domain.txt on the virtual appliance that I'm referring to regards the wbinfo resolving an objectSID.
C. Manual domain join (run rejoin-domain.sh):
1. Call 'net ads join -U Administrator%<password>' command to join domain. If successful then you should see created computer record in domain controller.
2. Start 'service winbind start'.
3. Start 'service nmb start'.
4. Start 'service smb start'.
5. Verify that you can ping Winbind by 'wbinfo -p'.
5. Verify that 'wbinfo -u' lists domain users and 'wbinfo -g' lists domain groups.
ESET PROTECT server uses commands 'kinit' and 'ldapsearch' to browse through active directory and 'wbinfo' and 'kinit' to perform domain authentication. If these commands work, then you have successfully joined domain.
Initially I reached out to Chat Support, part of the initial response I got was:
"On the ESET Appliance that uses the CentOS operating system, a Linux based operating systems, this how it will display by default. The reason is the two different operating systems. But this raised the question, Can the default behavior be changed to properly display the account name in the Protect Management Server when installed on a Linux operating system? We found that it can be changed by modifying the SSSD.Conf file." (excerpt not the full response.)
So if "We found that it can be changed by modifying the SSSD.Conf file."
Why are there no knowledge base articles for SSSD like there is for Lightweight Directory Access Protocol (LDAP), Apache Tomcat, MySQL.
https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?configure_ldaps_connection_to_a_domain.html
https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?enable_apache_http_proxy.html
https://help.eset.com/protect_install/10.0/en-US/?mysql_configuration.html
