This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
xiro
Contributor
‎2021-12-13 02:32 AM

Login to SC with an AD user in "Protected Users Security Group" not possible

Hi,

 

as the title says, we currently face the problem that login to SC with AD-authentication is not possible, if the account is member of the group "Protected Users Security Group":

https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/prote...

Customer's admins are now in this group, which makes it impossible to manage the FW. Before implementing a workaround with a second account, I want to check if anyone has faced this before.

 

Is this known behavior and is there any workaround? 

 

THX in advance!

 

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-12-13 12:46 PM

SC = SmartConsole?
What version/JHF version?

0 Kudos
xiro
Contributor
‎2021-12-13 01:04 PM
In response to PhoneBoy

yes, SmartConsole.

Server is 80.40 T125

SC was tested with different versions, including newest 80.40 build 425.

This is the configuration of the affected admins:

Screenshot 2021-12-13 220327.jpg

0 Kudos
PhoneBoy
Admin
Admin
‎2021-12-13 01:53 PM
In response to xiro

Suggest debugging fwm to see why it's failing: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
You might need a TAC case to get to the bottom of it, though.

0 Kudos
Norbert_Bohusch
Advisor
‎2021-12-13 10:49 PM
In response to xiro

As you are using Radius for authentication the question is how is the Radius server authenticating against AD.

Does this comply with protected users group? E.g. LDAP(S) is not!

0 Kudos
Labels