We have both the Cache Cleaner and Host Checker running. I know the cache cleaner is not supported on Mac, but we don't have the cache cleaner active on all roles, so I expected the roles without the cache cleaner to come up, but they don't. When I disable the Host Checker, the roles without the cache cleaner active do appear.

Does that make sense? Trying to figure out why this is the case?

Thanks

Not sure if this will help you but I just ran a quick test. I have realm - call it "employees" - you can login to the realm directly by going to "employees.itgmeeting.com" or go to itgmeeting.com and select it. Host checker with MAC criteria is also enabled.

W/cache cleaner enabled but not enforced at the realm level (and not selected at all at a role level) a MAC user going direct is denied access "You do not have permission to login......"

User hits the generic URL and selects the "employees" realm and they can login.

Turn off host checking and hit the direct URL and no problem. So I am guessing that it has something to do with CC and HC running together and how the realm is first dished up. Are your MAC users selecting a realm from pulldown or going direct via URL? Probably the latter???

Our user don't select a realm, they go in direct via a URL.

I think I have to agree with you here. It's a combination of the Host Checker and Cache cleaner that don't work together. So basically you are saying I need to create a seperate realm for MAC users?

If that's the case how would I go about stopping a standard windows user from bypassing the normal realm and using the "MAC" realm instead, therefore no requirement for these components to install.

Ok - simplest answer (not necessarily the best but brain is starting to shut down -- Create two HC policies, or a single HC policy with two checks - one that MAC and only MAC will always pass (some OS file is easiest) and the other for Windows.

Set the policy (if only one) to require "any of the above rules" - Or set the HC check at the realm level to allow login if "One of the select policies is passed"

This way no one gets around HC check. Also found out that this works with "URL - no realm selection" - (as long as cache cleaner setting @ realm level is just load - not load and enforce)

Hope that helps!

Well I had the user connect from home last night with her Mac to test for me (I don't have a Mac to test with) and unfortunately she says it still didn't work.

I basically created a HC rule that checked for the presence of c:\windows\explorer.exe and if it existed then it was determined to be a windows user and they would be denied access via this particular "Mac" realm. I didn't put any Mac HC rules in place.

It sounds like the HC is failing to load on this Mac OS for some reason. It is needing to load to check if it is a Windows pc or not. I'm only going by what she is saying that she is running version 10.5.6 but maybe she's running something else. I'm at a bit of a loss?

Interesting - I don't do much host checking on my MAC - cause we dont' need to

So I just tried this - setup a second HC rule - MAC file check rule. Enabled it on realm and selected "allow access to realm in ONE is passed" and MAC worked fine.

When I just had the Windows rule, even though it was based on a "deny" if Explorer is there I failed the HC check. Not sure why a MAC host check would fail when it passes a Windows rule.

Now just for fun - I reversed it - setup a rule that required a file that was only on the MAC. MAC user got realm login just fine - Windows user did not.

So I would suggest you reverse your criteria - IE - ONLY allow MAC realm access if they have something like a key MAC process running. You could check for "launchd" which every MAC has on startup.

Good advice. I'll give it a go and see what happens. Do I have to specify the path for "launchd"? If so what is the location? Sorry I know nothing about Mac's.

Thanks