Web Control Rules display SIDs and not User Names.


In version 7.2 the rules placed the user name in the field in a useful way with like

ESET Security Management Center (Server), Version 7.2 (7.2.1278.0)
ESET Security Management Center (Web Console), Version 7.2 (7.2.230.0)

With a policy rule, I put an objectSID into the box to add a security identifier and click OK.


After clicking OK in the web console, the objectSID would magically turn into a human-readable format, creating the list item with the objectSID in the title attribute and placing the human-readable format into the inner text of the list item.


Which looks like it has been that way by design since version 6.5.

 

https://forum.eset.com/topic/10117-web-control-user-list-populates-sids/

We are installing the Virtual appliance

ESET PROTECT (Server), Version 10.0 (10.0.2133.0)
ESET PROTECT (Web Console), Version 10.0 (10.0.132.0)

Same deal in 10: add the objectSID, click OK.

 


The web console does not place the human readable format into the inner text of the list item as it did in a prior version. 

Between these two forms, when entering the objectSID and clicking OK, is where the issue is, and why I'm wondering what this relies on to function properly.

 


It appears that I’m not the only one having this issue.

https://forum.eset.com/topic/33941-web-control-rules-filter-by-user/

 

With ESET Appliance v10.0.2133.0 only the SID is displayed.  Will ESET bring back the User name again in future releases? 

Link to comment
Share on other sites

  • Administrators

Most likely you have moved from ESET PROTECT on Windows to virtual appliance. On Linux this feature has never been supported and there are no plans to support it any time soon. On Windows SID is replaced with an actual user name.

Link to comment
Share on other sites

You are correct, I am trying to move from the Windows install to the virtual appliance, and I was trying to make sure that the Virtual Appliance was configured correctly. I've tried following the instructions from the knowledge base I could find to make sure I had not missed a configuration step, as I found articles for Lightweight Directory Access Protocol (LDAP), Apache Tomcat, MySQL.

https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?configure_ldaps_connection_to_a_domain.html

https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?enable_apache_http_proxy.html

https://help.eset.com/protect_install/10.0/en-US/?mysql_configuration.html

I'm not seeing a knowledge base article regarding what a policy rule relies on in order to make the field resolve user|group names.

 

I was under the impression that the policy rules would be using the database to resolve objectSID to a name|group name.  But then I thought maybe it is using ldap "SID Binding" to resolve the objectSID.  However, it sounds like there is a component that relies on the host operating system's ability to translate the objectSID.  Which is pure speculation on my part, because I'm not a developer for any of the components.  

So, I am wondering: is there an ESET Knowledge article configuration file that has to be set in order to tell an ESET component what the host OS uses for identity management to resolve the objectSID, if it indeed relies on the host OS identity management?

I'm able to resolve objectSID to username using wbinfo -s <objectSID>

Part of me thought maybe it could have been something to do with samba|smb, seeing as it is listed as a prerequisite, because wbinfo -g, wbinfo -u, and wbinfo -p all work, per the help-with-domain.txt located in the Virtual Appliance.

Here's an excerpt from help-with-domain.txt on the virtual appliance that I'm referring to regarding wbinfo resolving an objectSID.

C. Manual domain join (run rejoin-domain.sh):

1. Call 'net ads join -U Administrator%<password>' command to join domain. If successful then you should see created computer record in domain controller.
2. Start 'service winbind start'.
3. Start 'service nmb start'.
4. Start 'service smb start'.
5. Verify that you can ping Winbind by 'wbinfo -p'.
5. Verify that 'wbinfo -u' lists domain users and 'wbinfo -g' lists domain groups.

ESET PROTECT server uses commands 'kinit' and 'ldapsearch' to browse through active directory and 'wbinfo' and 'kinit' to perform domain authentication. If these commands work, then you have successfully joined domain.

 

Initially I reached out to Chat Support, part of the initial response I got was:

"On the ESET Appliance that uses the CentOS operating system, a Linux based operating systems, this how it will display by default.  The reason is the two different operating systems. But this raised the question, Can the default behavior be changed to properly display the account name in the Protect Management Server when installed on a Linux operating system?  We found that it can be changed by modifying the SSSD.Conf file." (excerpt not the full response.)

 

So if "We found that it can be changed by modifying the SSSD.Conf file."

Why are there no knowledge base articles for SSSD like there are for Lightweight Directory Access Protocol (LDAP), Apache Tomcat, MySQL?

https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?configure_ldaps_connection_to_a_domain.html

https://help.eset.com/protect_deploy_va/10.0/en-US/va_faq.html?enable_apache_http_proxy.html

https://help.eset.com/protect_install/10.0/en-US/?mysql_configuration.html

Link to comment
Share on other sites
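An added example, not part of the thread and not ESET code: a shell helper that uses the wbinfo -s lookup mentioned in the post above to turn the SIDs shown in a Web Control rule into account names for review outside the console. It assumes the host is domain-joined with winbind running, as in the help-with-domain.txt excerpt; the function names and the SID_RESOLVER override are hypothetical.

```shell
#!/bin/sh
# Added example (not ESET code): map SIDs from Web Control rules to names.
# Assumption: winbind is running and 'wbinfo -s <SID>' works on this host.

# Resolver command; override SID_RESOLVER to test without a domain join.
SID_RESOLVER="${SID_RESOLVER:-wbinfo -s}"

# Accept only well-formed SID strings: S-1-<authority>-<sub-authorities>.
is_sid() {
    case "$1" in
        ''|*[!S0-9-]*) return 1 ;;   # reject anything but S, digits, hyphen
    esac
    printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+){1,15}$'
}

# Print "SID<TAB>name" for one SID, or INVALID / UNRESOLVED on failure.
resolve_sid() {
    local sid out
    sid="$1"
    if ! is_sid "$sid"; then
        printf '%s\tINVALID\n' "$sid"
        return 1
    fi
    # wbinfo -s prints the name followed by a numeric SID type,
    # e.g. 'DOMAIN\name 1'; strip that trailing type field.
    if out="$($SID_RESOLVER "$sid" 2>/dev/null)" && [ -n "$out" ]; then
        printf '%s\t%s\n' "$sid" "${out% [0-9]*}"
    else
        printf '%s\tUNRESOLVED\n' "$sid"
        return 1
    fi
}

# Read SIDs from stdin, one per line; blank lines and '#' comments are
# skipped. Returns non-zero if any entry was invalid or unresolved.
resolve_sid_list() {
    local sid rc
    rc=0
    while IFS= read -r sid; do
        sid="$(printf '%s' "$sid" | tr -d '[:space:]')"
        case "$sid" in ''|'#'*) continue ;; esac
        resolve_sid "$sid" || rc=1
    done
    return "$rc"
}
```

Source the file and run resolve_sid_list with the rule's SIDs on stdin; UNRESOLVED entries are worth checking for deleted accounts that a rule still references.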

  • Administrators

Please see my reply above: On Linux this feature has never been supported and there are no plans to support it any time soon.

There is no way to make SID resolve on Linux since this feature is supported only on Windows currently.

Link to comment
Share on other sites

This topic is now closed to further replies.