Hello Robert, Congrats on your blog! Great help for macOS management!
I had a problem with Kerberos SSO. In most enterprise networks and VPN clients it works fine, but with the VPN (WatchGuard) of a specific company I can't get it to work.
I opened all ports to the KDC (DCs) in the firewall. I can create a Kerberos token (with kinit on the console), I can add macOS to the domain, all OK... but when I try MDM Kerberos SSO, when logging in, after entering credentials nothing happens. No error message, only the SSO window closes. Out of the VPN, on the company network, I can log in from the MDM Kerberos SSO window, so it is not AD or a bad profile config, it is a firewall problem.
I tried to get logs to see something, but it's insane! Do you know in which file of the sysdiagnose the AppSSO traces appear?
Best Regards
Hello @Jeyper!
If you're troubleshooting using a sysdiagnose, you want to keep the following in mind:
--archive system_logs.logarchive to any log show command to show unified logging from the sysdiagnose and not the running system's unified log.
~/Downloads/sysdiagnose_2020.10.06_00-55-25-0700_Mac-OS-X_iMacPro1-1_ABCDE/system_logs.logarchive
--start "2020-10-06 00:47:00" --end "2020-10-06 00:48:49" parameters, or a general timeframe parameter --last 2h
In other words, something along these lines:
log show --archive system_logs.logarchive --start "2020-10-06 00:47:00" --end "2020-10-06 00:48:49" --debug --predicate '(subsystem == "com.apple.Heimdal") OR (subsystem == "com.apple.AppSSO") OR (subsystem == "org.h5l.gss") OR (subsystem == "com.apple.network")'
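The query from the reply above, wrapped as a reusable helper. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes the sysdiagnose has already been unpacked to a directory.

```shell
#!/bin/sh
# Added example (not from the thread). Subsystems are the four named in the reply.
SSO_SUBSYSTEMS="com.apple.Heimdal com.apple.AppSSO org.h5l.gss com.apple.network"

# Build the --predicate expression: (subsystem == "a") OR (subsystem == "b") ...
sso_predicate() {
    pred=""
    for s in $SSO_SUBSYSTEMS; do
        if [ -n "$pred" ]; then pred="$pred OR "; fi
        pred="$pred(subsystem == \"$s\")"
    done
    printf '%s\n' "$pred"
}

# Resolve system_logs.logarchive from a sysdiagnose directory (or accept the
# .logarchive path itself). Fails instead of silently falling back to the
# running system's unified log, which is the mistake --archive guards against.
sso_archive_path() {
    dir="${1%/}"
    case "$dir" in
        *.logarchive) archive="$dir" ;;
        *)            archive="$dir/system_logs.logarchive" ;;
    esac
    [ -d "$archive" ] || { echo "no logarchive at: $archive" >&2; return 1; }
    printf '%s\n' "$archive"
}

# Usage: sso_log_show <sysdiagnose-dir> "<start>" "<end>"
#    or: sso_log_show <sysdiagnose-dir> --last 2h
sso_log_show() {
    [ "$#" -eq 3 ] || { echo "usage: sso_log_show DIR START END | DIR --last SPAN" >&2; return 2; }
    archive="$(sso_archive_path "$1")" || return 1
    shift
    if [ "$1" = "--last" ]; then
        set -- --last "$2"
    else
        set -- --start "$1" --end "$2"
    fi
    log show --archive "$archive" "$@" --debug --predicate "$(sso_predicate)"
}
```

Source the file on the Mac, then run for example `sso_log_show ~/Downloads/sysdiagnose_... "2020-10-06 00:47:00" "2020-10-06 00:48:49"` with the window narrowed to the failed sign-in attempt.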
macOS Big Sur and Kerberos SSO via Per-App Tunnel - Robert Terakedis
It works!
https://blog.euc-rt.me/post/macos-bigsur-kerberos-sso-over-vpn/