
KB-1869: How to collect a network trace on Unix and Mac systems

Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April,16 at 11:02 AM

Question:
 
What are the steps needed to collect a raw network trace from a Centrify-joined system?



 
Answer:
For UNIX systems:
 
Perform the following steps as root or sudo:
  1. Edit /etc/centrifydc/centrifydc.conf and temporarily set the parameter below:
    adclient.ldap.packet.encrypt: Disabled
     
  2. Restart adclient as follows:
    # /usr/share/centrifydc/bin/centrifydc restart
     
  3. Start the network trace:
    For Linux machines: tcpdump -i <ETHERNET INTERFACE NAME> -s 0 -w <NAME FOR THE FILE>
    Example:
        tcpdump -i <ETHERNET INTERFACE NAME> -s 0 -w /tmp/login.pcap
     
    For Solaris machines: snoop -d <ETHERNET INTERFACE NAME> -s 0 -o <NAME FOR THE FILE>
    Example:
        snoop -d ge0 -s 0 -o /tmp/login.pcap
     
  4. When the target traffic has been captured, hit Control + C to stop the trace.
     
  5. Zip the packet trace and send it to Support.
     
  6. Restore "adclient.ldap.packet.encrypt" to "Enabled" and reload the configuration file.
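
The UNIX steps above turn adclient's LDAP packet encryption off for the duration of the trace, so the step that is easiest to forget is putting the setting back. The wrapper below is an added example, not Centrify-supplied code: it backs up the configuration file, applies the temporary change, runs the capture, and always restores the original file, including when the capture is stopped with Control + C. Assumptions: the file uses "key: value" lines with "#" comments, the last uncommented assignment wins, and the restart command from step 2 is used in place of a reload; the function names and the ".pre-trace" backup suffix are made up for this example.

```shell
#!/bin/sh
# Added example, not Centrify code. Assumes "key: value" lines and '#' comments.
KEY='adclient.ldap.packet.encrypt'
# Restart command from step 2; overridable so the functions can be exercised offline.
RESTART_CMD=${RESTART_CMD:-/usr/share/centrifydc/bin/centrifydc restart}

# Print the effective value of KEY in file $1, or "unset".
# Assumption: the last uncommented assignment wins.
get_encrypt() {
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {              # literal prefix match, skips "# key:"
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Rewrite every uncommented KEY line in $1 to value $2 (append if absent).
set_encrypt() {
    tmp=$(mktemp) || return 1
    rc=0
    awk -v key="$KEY" -v val="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 { print key ": " val; done = 1; next }
        { print }
        END { if (!done) print key ": " val }
    ' "$1" > "$tmp" && cat "$tmp" > "$1" || rc=$?   # cat keeps owner and mode
    rm -f "$tmp"; return $rc
}

# Disable encryption, run the capture command given after the conf path, then
# always put the original file back, even if the capture is interrupted.
capture_with_restore() {
    conf=$1; shift
    cp -p "$conf" "$conf.pre-trace" || return 1
    trap : INT TERM                      # Control + C stops only the capture
    rc=0
    { set_encrypt "$conf" Disabled && $RESTART_CMD && "$@"; } || rc=$?
    { cat "$conf.pre-trace" > "$conf" && rm -f "$conf.pre-trace" && $RESTART_CMD; } || rc=$?
    trap - INT TERM
    [ "$(get_encrypt "$conf")" != Disabled ] || echo "WARNING: $KEY still Disabled" >&2
    return $rc
}

# Usage (as root): sh trace.sh /etc/centrifydc/centrifydc.conf <capture command...>
if [ "$#" -ge 2 ]; then capture_with_restore "$@"; fi
```

The final warning also fires when the file already had the parameter set to Disabled before the trace, which is worth knowing before the capture leaves the machine.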
 
For Mac systems:
  • Check the following Apple KB to determine the correct interface to use: http://support.apple.com/kb/HT3994
  • Make sure SSH has been enabled on the Mac: System Preferences > Sharing > "Remote Login" 
  1. Log in to the Mac as Local Admin and open the Mac Diagnostic Tool.
     
  2. Make sure that the CentrifyDC mode on the first screen says: Connected. 
     
  3. Go to the Debug / Logs section and click in order: 
     
    [ Flush AD Cache ]
    [ 0. Clear Debug Log Files ]
    [ 1. Enable / Disable Debugger ] 
     
    (The Debug Status will switch to: ON ) 
     
  4. From another computer, connect to the Mac via SSH and also log in with Local Admin credentials.
     
  5. Start the network trace (Run the tcpdump command from the Apple KB.) 
     
  6. Log in as the affected AD account and reproduce the issue.
     
  7. On the SSH connection, hit Control + C to stop the trace.
     
  8. On the Mac itself, log back in as Local Admin and go back to the Diagnostic Tool > Debug / Logs 
    - (The pcap trace just captured will also be seen on the Desktop) 
     
  9. Enter the affected AD username in the box on the left and press: 
     
    [ 1. Enable / Disable Debugger ] 
    [ 2. Save Debug Log files to Desktop ] 
     
    (The Debug Status will switch to: OFF ) 
     
  10. Send the DumpFile01.pcap and Full_Log_Pack.zip files from the Desktop to Support.
 
