https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/174192#M8427 <P>Seems that some commands will not work, as found in <A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106490&amp;partition=Advanced&amp;product=CloudGuard" target="_blank" rel="noopener" data-hasqtip="29" aria-describedby="qtip-29"> sk106490: How to remotely reset Admin / Expert password on a Security Gateway</A>:</P> <P><EM>This procedure is <STRONG>NOT</STRONG>&nbsp;supported for Gaia Embedded appliances. If you attempt to run this command on a Gaia Embedded appliance, you will receive the following error: "<CODE>Unexpected error: attempt to index global 'cgilua' (a nil value)</CODE>"</EM></P> <P>There is also a procedure using different syntax to achieve the same on SMBs:</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106025" target="_blank" rel="noopener">sk106025 - How to reset the Expert mode password on a Quantum Spark Appliance with Gaia Embedded OS</A></P> <P>You could try to use a script on SMB, first lines:</P> <PRE>#!/bin/bash -f<BR />source /fwtmp/opt/fw1/tmp/.CPprofile.s</PRE> <P>&nbsp;and call it with the needed parameter values using cprid_util command.</P> Thu, 09 Mar 2023 15:46:31 GMT G_W_Albrecht 2023-03-09T15:46:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/150577#M6918 <P>I know it is possible to execute commands from a management server (SMS) to a centrally managed SMB via CPDIR. For example, the below command works a treat (PS - 10.20.30.40 is not an actual IP I'm using):</P><P>$CPDIR/bin/cprid_util -server 10.20.30.40 -verbose rexec -rcmd /bin/clish -c "show configuration"</P><P>&nbsp;</P><P>What does seem to be an issue however is the ability to add local administrators this way (I have tried multiple iterations of the below)?</P><P>$CPDIR/bin/cprid_util -server 10.20.30.40 -verbose rexec -rcmd /bin/clish -c "add user newadmin type admin password this_is_my_real_password permission RW"<BR /><STRONG>Unexpected error: attempt to index global 'cgilua' (a nil value)</STRONG></P><P>$CPDIR/bin/cprid_util -server 10.20.30.40 -verbose rexec -rcmd /bin/clish -c "add administrator username newadmin password-hash $1$UHVNJb2O$1UXMqCZm9767DZNtoIqYv. permission read-write"<STRONG><BR />Could not set administrator password-hash: Not valid password hash<BR />Could not set administrator password-hash: Not valid password hash</STRONG></P><P>$CPDIR/bin/cprid_util -server 10.20.30.40 -verbose rexec -rcmd /bin/clish -c "add administrator username newadmin password-hash '$1$UHVNJb2O$1UXMqCZm9767DZNtoIqYv.' permission read-write"<STRONG><BR />Could not set administrator password-hash: Not valid password hash<BR />Could not set administrator password-hash: Not valid password hash</STRONG></P><P>The above commands within the quotation marks work fine locally on the SMB device, but running the CPRID commands from the SMS fail with the errors in bold above.</P> Fri, 10 Jun 2022 15:26:03 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/150577#M6918 SaffaRamma 2022-06-10T15:26:03Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/150578#M6919 <P>Yes, it should be supported.<BR />That said, the canonical path to clish on SMB appliances is&nbsp;/pfrm2.0/bin/clish<BR />If that still doesn't work, recommend a TAC case.</P> Fri, 10 Jun 2022 15:40:29 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/150578#M6919 PhoneBoy 2022-06-10T15:40:29Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/150582#M6920 <P>Thanks for the quick response! Tried the change in canonical path ($CPDIR/bin/cprid_util -server 10.20.30.40 -verbose rexec -rcmd /pfrm2.0/bin/clish -c "add user testuser type admin password testuser123password permission R") and still no dice! I'll get a ticket raised with TAC.</P> Fri, 10 Jun 2022 15:54:58 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/150582#M6920 SaffaRamma 2022-06-10T15:54:58Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/174095#M8424 <P>Was this solved by TAC? I'm also getting "Unexpected error: attempt to index global 'cgilua' (a nil value)" when trying to do something like this:</P><P>&nbsp;</P><LI-CODE lang="c">cprid_util -server 1.2.3.4 -verbose rexec -rcmd clish -c "set administrator session-settings inactivity-timeout 15"</LI-CODE> Wed, 08 Mar 2023 21:45:54 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/174095#M8424 Bärbel 2023-03-08T21:45:54Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/174192#M8427 <P>Seems that some commands will not work, as found in <A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106490&amp;partition=Advanced&amp;product=CloudGuard" target="_blank" rel="noopener" data-hasqtip="29" aria-describedby="qtip-29"> sk106490: How to remotely reset Admin / Expert password on a Security Gateway</A>:</P> <P><EM>This procedure is <STRONG>NOT</STRONG>&nbsp;supported for Gaia Embedded appliances. If you attempt to run this command on a Gaia Embedded appliance, you will receive the following error: "<CODE>Unexpected error: attempt to index global 'cgilua' (a nil value)</CODE>"</EM></P> <P>There is also a procedure using different syntax to achieve the same on SMBs:</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106025" target="_blank" rel="noopener">sk106025 - How to reset the Expert mode password on a Quantum Spark Appliance with Gaia Embedded OS</A></P> <P>You could try to use a script on SMB, first lines:</P> <PRE>#!/bin/bash -f<BR />source /fwtmp/opt/fw1/tmp/.CPprofile.s</PRE> <P>&nbsp;and call it with the needed parameter values using cprid_util command.</P> Thu, 09 Mar 2023 15:46:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/174192#M8427 G_W_Albrecht 2023-03-09T15:46:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/186578#M9199 <P>Nice try. But then you get a lua error. so that doesn't work either.</P> Mon, 17 Jul 2023 11:55:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/186578#M9199 Hugo_vd_Kooij 2023-07-17T11:55:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/256349#M13177 <P>Well, it seems like&nbsp;some Lua code in clish is trying to access the USER environment variable while it's not been set by CPRID, hence the nil value error.</P><P>You need to set it first:</P><LI-CODE lang="markup">cprid_util -server &lt;ip&gt; -verbose putenv -attr USER -val admin cprid_util -server &lt;ip&gt; -verbose rexec -rcmd clish -c 'set administrator username &lt;adminuser&gt; password-hash "&lt;hash&gt;" permission read-write'</LI-CODE><P><BR />The putenv command should remain in effect until the gateway is rebooted.</P> Wed, 22 Oct 2025 23:18:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Creating-users-via-script-using-CPDIR-on-SMB-Devices/m-p/256349#M13177 nmelay2 2025-10-22T23:18:04Z