Skip to main content
Question

Challenge your skills: Search all logs for applications requesting kerberos tickets

  • December 9, 2016
  • 3 replies
  • 4 views
J
Forum|alt.badge.img+2
  • j_k
  • New Contributor

Common problem: a user is getting locked out of Active Directory "mysteriously"

The challenge: a way to grep or find through the whole computer's log files to figure out whats been making requests recently.

so far I haven't been able to pull it off. something like 

sudo grep -r -i kerb .

doesn't yield much. I think this is a universal challenge IT support faces and admins avoid. I assume there isn't a tool to help yet because no one is smart enough to make one, but hey, maybe one of us could?

    3 replies

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • December 10, 2016

    @j/k Are they on Sierra? Do they have iCloud enabled?

    J
    Forum|alt.badge.img+2
    • j_k
    • Author
    • New Contributor
    • December 12, 2016

    @bentoms yes to both

    A
    Forum|alt.badge.img+7
    • a_stonham
    • Contributor
    • December 12, 2016

    Sounds like the sierra failed auth problem:
    https://www.jamf.com/jamf-nation/discussions/21320/sierra-ad-account-lockout-when-setting-up-icloud

    Terms & ConditionsCookie settingsAccessibility statement