Harmony Endpoint on-prem and strong authentication with computers not joined to a domain?
Hi,
We are deploying Harmony on-prem in an environment with mostly Windows servers and clients joined to a Windows AD domain. We have enabled Strong Authentication as recommended and it works fine.
But we also have some Windows and Linux servers not joined to the domain that we want to protect. Is this supported somehow?
On a Linux server, in the cpla.log I get the following error:
libsba - ERROR - [cpda] realm is empty
libsba - ERROR - [cpda] Failed to get auth header. GetAuthheader error
On a Windows server, in the cpda.log I get:
[error] Kerberos authentication failed - Unknown error. [CclientAuth::getAuthHeader]
[error] Failed to get auth header. GetAuthheader error: 70001 [CHTTPCall_curl::sendReq_internal]
Endpoint Management: R81.20
Windows Endpoint version: E88.32
Linux Endpoint version: 1.20.7
Best Regards // Jonas
This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.
Deploying Harmony Endpoint with Strong Authentication for servers not joined to a domain is not supported. Strong Authentication relies on Active Directory and Kerberos, which require the machines to be part of the domain.
For your non-domain Windows and Linux servers, you will need to disable Strong Authentication. Here are the steps you can take:
Disable Strong Authentication:
- In the Web Console or SmartEndpoint, clear the "work in authenticated mode" checkbox for the non-domain machines.
Review Logs:
- For Linux, ensure the keytab file is correctly set up in /var/lib/checkpoint/cpmgmt/auth.keytab.
- For Windows, verify the service name and ensure there are no typing errors in the Check Point Endpoint Security Management Server.
If you need further assistance, consider reaching out to Check Point Support.
Are you trying to auth by machine or user? Local admin or Infinity Portal?
