Sanjay_S
Advisor

Checkpoint Firewall Radius Authentication

Until now we were using local authentication to log in to the firewall. Now I have configured the RADIUS server for authentication. I am now able to authenticate, but I am getting the below error for any of the commands I type in.

> cphaprob stat
/tmp/.CPprofile.sh: line 1: /opt/CPshrd-R80/scripts/cpprofile_functions.sh: Permission denied

I checked that the tmp permission is already 1777 when checked with the admin account.

Please let me know how to get this resolved. All RADIUS users should have the same access as the admin account, which is currently a local account.

Let me know if you need any more details on this.

0 Kudos
12 Replies
Jerry
Mentor

In order to use the CLI with RADIUS users, you don't do RADIUS in SmartDash making the OPSEC RADIUS Auth. scheme.
For the local gateway (I presume HA Cluster) and clish/bash users, RADIUS needs to be configured in a slightly different manner. Have you searched this Community with the query "RADIUS CLISH"? Try 🙂 There is one post called "Expert mode".
Jerry
_Val_
Admin

It seems you are calling cphaprob stat from clish and not bash. Try defining bash as a default shell; it will help to get to the root of the issue.

Jerry
Mentor

Val,

cphaprob stat works also from CLISH!
Jerry
0 Kudos
Jerry
Mentor

[Expert@FW:0]# clish
FW> cphaprob stat

Cluster Mode: High Availability (Active Up) with IGMP Membership

Number     Unique Address  Assigned Load   State

1 (local)  1.1.1.1         100%            Active
2          1.1.1.2         0%              Standby

Local member is in current state since Thu Jan 31 11:57:41 2019
Jerry
0 Kudos
Martin_Valenta
Advisor

Which vendor do you use for RADIUS authentication?

In our case we use Gemalto, and it required creating local users on the gateway in order to provide real admin-level access.

0 Kudos
Sanjay_S
Advisor

Hi Martin,
It is a free RADIUS we are using. So if we create local users, then the RADIUS authentication is of no use, right?
0 Kudos
Martin_Valenta
Advisor

0 Kudos
Sanjay_S
Advisor

But Martin,
I am able to authenticate with RADIUS now. The actual problem is that a few of the commands are not working, for example cphaprob stat.
0 Kudos
Martin_Valenta
Advisor

One thing is to get authenticated and another thing is to be authorized to run certain commands; that's why it's AAA (authenticate, authorize, accounting).

0 Kudos
Sanjay_S
Advisor

Sure Martin.
Will try that and get back to you guys if any issues.
0 Kudos
Jerry
Mentor

Not really, Sanjay, it is all down to the configuration. Please follow the provided sk (from Martin), as it explains what "sequence of auth" means in more or less a sort of "AAA model" for Checkpoint 🙂
Jerry
0 Kudos
Sanjay_S
Advisor

Sure Jerry.
Will try that and get back to you guys if any issues.
0 Kudos
