cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Multi-domain Admin user authentication to AD?

Is there a possibility to use ad AD connection to authenticate Admin users for a Multi Domain environment? Currently we use a TacAcs solution but this mean an additional server in between the MDS and the AD.

Regards, Maarten
Tags (2)
9 Replies
Jerry
Gold

Re: Multi-domain Admin user authentication to AD?

of course you can with IA Blade Smiley Happy Admin for MDS means priviledged-user (Super User) not Domain Admin from AD - just bear in mind. All written and explained in R80.xx Management Admin Guide.

ps. R80.xx has no MDS (R77.xx has) so all you need is Identity for certain users and giving them Super User rights by Management Permissions and Administrators (unless you refer to R77.xx where it is actually quite similar afaik)

one more thing, if you're talking AD you talking LDAP you know that?

otherwise TACACS and RADIUS are also supported.

Jerry
0 Kudos
Employee++
Employee++

Re: Multi-domain Admin user authentication to AD?

Hi please refer sk63166: LDAP Administrator login for GUI Clients.

As I recall this (OS password) used to be an option only for security management installations based on Windows (not GAiA).

Re: Multi-domain Admin user authentication to AD?

Oh yeah whats in a name, Provider 1, still used in the code? MDS, R77.30 or MDSM for R80.x?

Which one I don't really care also I did not know we were limited to R80 here.

We have our users setup with a Tacacs server and we are lookin g to replace it by a direct connection to an AD server so we can kick the middle man.

I never configured IA on a global level and do not know if it can be done, as that is what I would need to get the abiolity to check the user with the AD.

We are not talking about WebUI or CLI here but really SmartDashboard or SmartConsole users.

From SK63166 it seems the only option is a Radius server, which is again a middleman.

Regards, Maarten
0 Kudos
Employee
Employee

Re: Multi-domain Admin user authentication to AD?

Hi All,

Indeed currently login to Smart Console with AD authentication is not support by default as part of the GA product.

However, we have recently developed a solution that is offered in a limited availability due to limitations that might apply to some of the customers.

In order to get this solution you can approach Check Point solution center. We recommend waiting for R80.30 but in case you need it on top of R80.20 we can also consider it.

Thanks,

Yaelle  Harel |  Group Manager

Check Point Software Technologies | Management Product

Jeff_Gao
Nickel

Re: Multi-domain Admin user authentication to AD?

R80.30 still not supported login GUI/WEB/CLI or smartconsole byldap authentication. I already want to Tsukkomi.Why can't checkpoint add this feature

Re: Multi-domain Admin user authentication to AD?

@Yaelle_Harel I do not see the option in SmartConsole to choose a LDAP server/account uinit for authentication in R80.30 multi domain?
Has this been moved on to the next Jumbo or next version?
Regards, Maarten
Employee
Employee

Re: Multi-domain Admin user authentication to AD?

Hi,

The feature was released in limited availability, therefore, in order to activate it you should contact solution center.

It doesn't require any additional installation, just activation.

 

Thank you

 

Yaelle

 

Highlighted
Jeff_Gao
Nickel

Re: Multi-domain Admin user authentication to AD?

@Yaelle_Harel How to contact solution center,thanks
Employee
Employee

Re: Multi-domain Admin user authentication to AD?

Hi

I asked someone from solution center to reply as I'm not familiar with the procedures.

Thanks

Yaelle