Juan_Carlos
Contributor

Automate Administrators creation on R80.10 SMS

Hello,

I need to find a way to automate Administrators creation with RADIUS authentication on several Security Management Servers. I don't want the RADIUS administrator to connect to each Security Management Server to create the Administrators (he is not allowed to do that). I have tried to use the API, but unfortunately I got the following message telling me it's not supported:


[sms]# mgmt_cli --port <PORT> -u <USER> -p <PASSWORD> add administrator name "<NAME>" authentication-method "radius" radius-server "<RADIUS_SERVER>"
code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."

Executed command failed. Changes are discarded.
[sms]#


Any idea/trick that I could use to achieve what I want to do?

Thanks

1 Solution

Accepted Solutions
PhoneBoy
Admin

You just need to add:

 domain "System Data"

To your command.

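The accepted answer applied to several management servers from one host, as an added example that is not part of the original thread. The host names, the variables `SERVERS`, `API_USER`, `API_PASS`, `PORT` and `DRY_RUN`, and the function names are assumptions; `-m` is mgmt_cli's option for the target management server.

```shell
#!/bin/sh
# Added example (not from the thread). SERVERS, API_USER, API_PASS, PORT, DRY_RUN
# and the function names are assumptions; host names are constructed.
SERVERS="${SERVERS:-sms1.example.com sms2.example.com}"

# Run the corrected command on one server, or only print it when DRY_RUN=1.
# $1=server  $2=administrator name  $3=RADIUS server object name
add_radius_admin() {
    # Same call as in the question, plus the domain from the accepted answer.
    set -- -m "$1" --port "${PORT:-443}" --domain 'System Data' \
        add administrator name "$2" \
        authentication-method radius radius-server "$3"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "mgmt_cli $*"   # credentials are left out of the printed line
        return 0
    fi
    # -p puts the password in the process list, as in the original command;
    # run this only from a host that untrusted users cannot log in to.
    mgmt_cli -u "$API_USER" -p "$API_PASS" "$@" 2>&1
}

# Turn exit status ($1) and output ($2) into one status word.
# Assumption: mgmt_cli exits non-zero when the command fails.
classify() {
    case "$2" in
        *err_inappropriate_domain_type*) echo wrong-domain; return 0 ;;
    esac
    if [ "$1" -eq 0 ]; then echo ok; else echo failed; fi
}

# Create the administrator on every server and print "<server> <status>".
rollout() {
    for srv in $SERVERS; do
        out=$(add_radius_admin "$srv" "$1" "$2") && rc=0 || rc=$?
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$srv dry-run: $out"
        else
            echo "$srv $(classify "$rc" "$out")"
        fi
    done
}

if [ "$#" -ge 2 ]; then rollout "$1" "$2"; fi
```

With the default `DRY_RUN=1` the script only prints the commands (without the quoting around `System Data`); set `DRY_RUN=0` to execute them.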

10 Replies
Marco_Valenti
Advisor

As the command says, this syntax should be used for a multi-domain env. If you have a SmartCenter you probably need to fix the syntax of this command; it seems that a permission profile is missing too.

Those are examples from the API reference:

add-administrator

Command

add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "INTERNAL_PASSWORD" permissions-profile "read write all" --format json

 • "--format json" is optional. By default the output is presented in plain text.
 • This command is available using the SmartConsole CLI only on a Multi Domain environment and when logged into the MDS domain.

add-administrator (domain super user) in MDM

Command

add administrator name "super_admin" password "aaaa" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "INTERNAL_PASSWORD" multi-domain-profile "domain super user" --format json

 • "--format json" is optional. By default the output is presented in plain text.
 • This command is available using the SmartConsole CLI only on a Multi Domain environment and when logged into the MDS domain.

Juan_Carlos
Contributor

Hello Marco,

Thanks for your quick reply.

I'm not sure I understand what you mean. Even if specifying a permission profile, the examples from the API reference guide say that this "is available using the SmartConsole CLI only on a Multi Domain environment". So it won't work on an SMS.

Did I miss something?

Marco_Valenti
Advisor

Indeed, I have missed that part, too early morning here, so it seems that is not supported on an SMS. Sorry for that.

Juan_Carlos
Contributor

No problem

Juan_Carlos
Contributor

Hi Dameon,

It's working, thanks for your help 

Marco_Valenti
Advisor

A true Jedi master advice

weaamna
Employee Alumnus
--domain 'System Data'
Václav_Brožík
Contributor

For me, domain "System Data" does not help. I have tested it in R80.10 and R80.20. The API also does not show me any domains:

> show administrators domain "System Data"

code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."


> show administrators --domain "System Data"

code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."


> show domains

objects: []
total: 0

Paul_Hagyard
Contributor

I am guessing the SmartConsole CLI is logged in to a specific domain - and does not let you specify the domain. This is a real pain if you're using a Check Point cloud SmartCenter (e.g. Endpoint Security cloud) as I don't think you can get OS CLI access (they wouldn't want you to...).
