Sanjay_S
Nickel

Checkpoint Firewall Radius Authentication

We were using local authentication to log in to the firewall until now. Now I have configured the RADIUS server for authentication. I am now able to authenticate, but I am getting the error below for any of the commands I type in.

> cphaprob stat
/tmp/.CPprofile.sh: line 1: /opt/CPshrd-R80/scripts/cpprofile_functions.sh: Permission denied

I checked: the /tmp permission is already 1777 when checked with the admin account.

Please let me know how to get this resolved. All RADIUS users should have the same access as the admin account, which is currently a local account.

Let me know if you need any more details on this.

0 Kudos
12 Replies
Jerry
Gold

Re: Checkpoint Firewall Radius Authentication

In order to use the CLI with RADIUS users, you don't do RADIUS in SmartDash making the OPSEC RADIUS Auth. scheme.
For the local gateway (I presume an HA cluster) and clish/bash users, RADIUS needs to be configured in a slightly different manner. Have you searched this Community with the query "RADIUS CLISH"? Try 🙂 There is one post called "Expert mode".
Jerry

Re: Checkpoint Firewall Radius Authentication

It seems you are calling cphaprob stat from clish and not bash. Try defining bash as the default shell; it will help to get to the root of the issue.

Jerry
Gold

Re: Checkpoint Firewall Radius Authentication

Val,

cphaprob stat works also from CLISH!
Jerry
0 Kudos
Jerry
Gold

Re: Checkpoint Firewall Radius Authentication

[Expert@FW:0]# clish
FW> cphaprob stat

Cluster Mode: High Availability (Active Up) with IGMP Membership

Number     Unique Address  Assigned Load   State

1 (local)  1.1.1.1         100%            Active
2          1.1.1.2         0%              Standby

Local member is in current state since Thu Jan 31 11:57:41 2019
Jerry
0 Kudos

Re: Checkpoint Firewall Radius Authentication

Which vendor do you use for RADIUS authentication?

In our case we use Gemalto, and it required creating local users on the gateway in order to provide real admin-level access.

0 Kudos
Sanjay_S
Nickel

Re: Checkpoint Firewall Radius Authentication

Hi Martin,
It is a free RADIUS server we are using. So if we create local users, then the RADIUS authentication is of no use, right?
0 Kudos

Re: Checkpoint Firewall Radius Authentication

0 Kudos
Sanjay_S
Nickel

Re: Checkpoint Firewall Radius Authentication

But Martin,
I am able to authenticate with RADIUS now. The actual problem is that a few of the commands are not working, for example cphaprob stat.
0 Kudos

Re: Checkpoint Firewall Radius Authentication

It is one thing to get authenticated and another thing to be authorized to run certain commands; that's why it's AAA (authenticate, authorize, accounting).

0 Kudos
Sanjay_S
Nickel

Re: Checkpoint Firewall Radius Authentication

Sure Martin.
Will try that and get back to you guys if any issues.
0 Kudos
Jerry
Gold

Re: Checkpoint Firewall Radius Authentication

Not really, Sanjay, it is all down to the configuration. Please follow the provided sk (from Martin), as it explains what "sequence of auth" means in more or less a sort of "AAA model" for Checkpoint 🙂
Jerry
0 Kudos
Sanjay_S
Nickel

Re: Checkpoint Firewall Radius Authentication

Sure Jerry.
Will try that and get back to you guys if any issues.
0 Kudos