https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156308#M7313 <P>Hello,</P><P>&nbsp;</P><P>We’re now using RADIUS (Windows NPS) to authenticate administrators on our Check Point SMB devices using the commands below:</P><P>&nbsp;</P><P><EM>set radius-server priority 1 ipv4-address &lt;Primary_RADIUS_Server_IP_Address&gt; udp-port 1812 shared-secret &lt;shared_key_1&gt; timeout 3</EM></P><P><EM>set radius-server priority 2 ipv4-address &lt;Secondary_RADIUS_Server_IP_Address&gt;&nbsp; udp-port 1812 shared-secret &lt;shared_key_2&gt; timeout 3</EM></P><P><EM>set administrators radius-auth enable use-radius-roles true</EM></P><P>&nbsp;</P><P>We’d like to login directly in Expert Mode when we login to the firewall. Do you have an idea how we can achieve this ?</P><P>&nbsp;</P><P>FYI, I've tried what was discussed in this post:&nbsp;</P><P><A href="https://community.checkpoint.com/t5/SMB-Gateways-Spark/Activate-bashUser-via-script-on-a-Embedded-Gaia-device/td-p/16827" target="_blank">Solved: Activate bashUser via script on a Embedded Gaia de... - Check Point CheckMates</A></P><P>&nbsp;</P><P>But this only works for local accounts, NOT for RADIUS users</P><P>&nbsp;</P><P>Thanks !</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P> Fri, 02 Sep 2022 08:17:42 GMT Leader_Kiongi 2022-09-02T08:17:42Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156308#M7313 <P>Hello,</P><P>&nbsp;</P><P>We’re now using RADIUS (Windows NPS) to authenticate administrators on our Check Point SMB devices using the commands below:</P><P>&nbsp;</P><P><EM>set radius-server priority 1 ipv4-address &lt;Primary_RADIUS_Server_IP_Address&gt; udp-port 1812 shared-secret &lt;shared_key_1&gt; timeout 3</EM></P><P><EM>set radius-server priority 2 ipv4-address &lt;Secondary_RADIUS_Server_IP_Address&gt;&nbsp; udp-port 1812 shared-secret &lt;shared_key_2&gt; timeout 3</EM></P><P><EM>set administrators radius-auth enable use-radius-roles true</EM></P><P>&nbsp;</P><P>We’d like to login directly in Expert Mode when we login to the firewall. Do you have an idea how we can achieve this ?</P><P>&nbsp;</P><P>FYI, I've tried what was discussed in this post:&nbsp;</P><P><A href="https://community.checkpoint.com/t5/SMB-Gateways-Spark/Activate-bashUser-via-script-on-a-Embedded-Gaia-device/td-p/16827" target="_blank">Solved: Activate bashUser via script on a Embedded Gaia de... - Check Point CheckMates</A></P><P>&nbsp;</P><P>But this only works for local accounts, NOT for RADIUS users</P><P>&nbsp;</P><P>Thanks !</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P> Fri, 02 Sep 2022 08:17:42 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156308#M7313 Leader_Kiongi 2022-09-02T08:17:42Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156369#M7322 <P>The "bashUser" script tries to twiddle a database entry for the specified (or current) user to change the shell to bash.<BR />That fails on RADIUS users since there's no db entry (/etc/passwd or otherwise).</P> <P>Which means: if there is a supported method to allow this, it will be via a different method.<BR />I suspect, however, this is an RFE.</P> Sat, 03 Sep 2022 00:35:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156369#M7322 PhoneBoy 2022-09-03T00:35:21Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156382#M7323 <P>Of course, you can always&nbsp;<EM>create</EM> an authentication database entry for a given user. Just don't give the user a password, and authentication will fall through to RADIUS. This gives you full control over their UID, GID, home directory, login shell, everything on a per-user basis.</P> Sat, 03 Sep 2022 13:20:00 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156382#M7323 Bob_Zimmerman 2022-09-03T13:20:00Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156442#M7324 <P>Thank you for your feedback&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp; I opened a TAC case in the meantime and here's the solution:</P><P>1. Perform a manual upgrade to the latest GA firmware for Centrally managed 1500 appliance - R80.20.50<BR />2. Run in expert mode: sqlcmd "update adminRadius set enableDefaultShell ='true'"<BR />3. In WebUI, go to Device-&gt;Advanced Settings-&gt;Filter for 'Administrators RADIUS authentication - Default Shell' and change the value to 'Bash'.:</P><P>&nbsp;</P><P>I've tried it and it works.</P> Mon, 05 Sep 2022 06:07:28 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156442#M7324 Leader_Kiongi 2022-09-05T06:07:28Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156443#M7325 <P>Thank you <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/27871">@Bob_Zimmerman</a>&nbsp;for your feedback&nbsp;&nbsp; I opened a TAC case in the meantime and here's the solution:</P><P>1. Perform a manual upgrade to the latest GA firmware for Centrally managed 1500 appliance - R80.20.50<BR />2. Run in expert mode: sqlcmd "update adminRadius set enableDefaultShell ='true'"<BR />3. In WebUI, go to Device-&gt;Advanced Settings-&gt;Filter for 'Administrators RADIUS authentication - Default Shell' and change the value to 'Bash'.:</P><P>&nbsp;</P><P>I've tried it and it works.</P> Mon, 05 Sep 2022 06:08:52 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156443#M7325 Leader_Kiongi 2022-09-05T06:08:52Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156635#M7347 <P>Also looks like this is in R81.10.00 also.<BR />Nice find!&nbsp;</P> Tue, 06 Sep 2022 14:04:35 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Expert-mode-for-Gaia-Embedded-for-RADIUS-users/m-p/156635#M7347 PhoneBoy 2022-09-06T14:04:35Z