https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238169#M9934 <P>Hi,</P><P>we are deploying Harmony on-prem in an environment with mostly windows servers and clients joined to a windows AD-domain. We have enabled Strong Authentication as recommended and it works fine.&nbsp;</P><P>But we also have some windows and linux servers not joined to the domain that we want to protect. Is this supported somehow?&nbsp;</P><P>On a linux server in the cpla.log I get following error:</P><P>libsba - ERROR - [cpda] realm is empty</P><P>libsba - ERROR - [cpda] Failed to get auth header. GetAuthheader error</P><P>&nbsp;</P><P>On a windows server in the cpda.log I get:</P><P>[error] Kerberos authentication failed - Unknown error. [CclientAuth::getAuthHeader]</P><P>[error] Failed to get auth header. GetAuthheader error: 70001 [CHTTPCall_curl::sendReq_internal]</P><P>&nbsp;</P><P>Endpoint Management: R81.20</P><P>Windows Endpoint version: E88.32</P><P>Linux Endpoint version: 1.20.7</P><P>&nbsp;</P><P>Best Regards // Jonas</P><P>&nbsp;</P> Fri, 10 Jan 2025 14:08:07 GMT Jonas_O 2025-01-10T14:08:07Z https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238169#M9934 <P>Hi,</P><P>we are deploying Harmony on-prem in an environment with mostly windows servers and clients joined to a windows AD-domain. We have enabled Strong Authentication as recommended and it works fine.&nbsp;</P><P>But we also have some windows and linux servers not joined to the domain that we want to protect. Is this supported somehow?&nbsp;</P><P>On a linux server in the cpla.log I get following error:</P><P>libsba - ERROR - [cpda] realm is empty</P><P>libsba - ERROR - [cpda] Failed to get auth header. GetAuthheader error</P><P>&nbsp;</P><P>On a windows server in the cpda.log I get:</P><P>[error] Kerberos authentication failed - Unknown error. [CclientAuth::getAuthHeader]</P><P>[error] Failed to get auth header. GetAuthheader error: 70001 [CHTTPCall_curl::sendReq_internal]</P><P>&nbsp;</P><P>Endpoint Management: R81.20</P><P>Windows Endpoint version: E88.32</P><P>Linux Endpoint version: 1.20.7</P><P>&nbsp;</P><P>Best Regards // Jonas</P><P>&nbsp;</P> Fri, 10 Jan 2025 14:08:07 GMT https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238169#M9934 Jonas_O 2025-01-10T14:08:07Z https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238200#M9941 <P><STRONG>This answer is provided by <A href="https://www.checkpoint.com/ai/copilot/" target="_blank">Infinity AI Copilot</A> and should be confirmed by reviewing official documentation in <A href="https://support.checkpoint.com" target="blank">Support Center</A>.</STRONG></P> <P>Deploying Harmony Endpoint with Strong Authentication for servers not joined to a domain is not supported. Strong Authentication relies on Active Directory and Kerberos, which require the machines to be part of the domain. </P> <P>For your non-domain Windows and Linux servers, you will need to disable Strong Authentication. Here are the steps you can take:</P> <OL> <LI><P><STRONG>Disable Strong Authentication</STRONG>: </P> <UL> <LI>In the Web Console or SmartEndpoint, clear the "work in authenticated mode" checkbox for the non-domain machines.</LI> </UL> </LI> <LI><P><STRONG>Review Logs</STRONG>: </P> <UL> <LI>For Linux, ensure the keytab file is correctly set up in <CODE>/var/lib/checkpoint/cpmgmt/auth.keytab</CODE>.</LI> <LI>For Windows, verify the service name and ensure there are no typing errors in the Check Point Endpoint Security Management Server.</LI> </UL> </LI> </OL> <P>If you need further assistance, consider reaching out to <A href="https://www.checkpoint.com/about-us/contact-us/" target="_blank">Check Point Support</A>.</P> Fri, 10 Jan 2025 17:15:51 GMT https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238200#M9941 CheckMatesAI 2025-01-10T17:15:51Z https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238206#M9942 <P>Are you trying to auth by machine or user? Local admin or infinity portal?</P> Fri, 10 Jan 2025 18:16:02 GMT https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-on-prem-and-strong-authentication-with/m-p/238206#M9942 Chillyjim 2025-01-10T18:16:02Z