This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Juan_Carlos
Contributor
‎2018-08-20 11:34 PM

Automate Administrators creation on R80.10 SMS

Jump to solution

Hello,

I need to find a way to automate Administrators creation with RADIUS authentication on several Security Sanagement Servers. I don't want the RADIUS administrator to connect on each Security Management Server to creates the Administrators (he is not allowed to do that). I have tried to use the API but unfortunately I got the following message telling me it's not supported :


[sms]# mgmt_cli --port <PORT> -u <USER> -p <PASSWORD> add administrator name "<NAME>" authentication-method "radius" radius-server "<RADIUS_SERVER>"
code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."

Executed command failed. Changes are discarded.
[sms]#


Any idea/trick that I could use to achieve what I want to do?

Thanks Smiley Happy

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-08-21 04:15 PM

Jump to solution

You just need to add:

 domain "System Data"

To your command.

View solution in original post

10 Replies
Marco_Valenti
Advisor
‎2018-08-21 12:10 AM

Jump to solution

As the command say this syntax should be used for multi domain env , if you have a smart center you probably need to fix the syntax of this command seems that a permission profile is missing too

Those are example from the api reference

add-administrator

Command

add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "INTERNAL_PASSWORD" permissions-profile "read write all" --format json  • "--format json" is optional. By default the output is presented in plain text.  • This command is available using the SmartConsole CLI only on a Multi Domain environment and when logged into the MDS domain.

add-administrator (domain super user) in MDM

Command

add administrator name "super_admin" password "aaaa" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "INTERNAL_PASSWORD" multi-domain-profile "domain super user" --format json  • "--format json" is optional. By default the output is presented in plain text.  • This command is available using the SmartConsole CLI only on a Multi Domain environment and when logged into the MDS domain.

0 Kudos
Juan_Carlos
Contributor
‎2018-08-21 12:43 AM
In response to Marco_Valenti

Jump to solution

Hello Marco,

Thanks for your quick reply.

I'm not sure I understand what you mean. Even if specifying a permission profile, the examples from the API reference guide says that this "is available using the SmartConsole CLI only on a Multi Domain environment". So it won't work on a SMS

Did I miss something? Smiley Happy

0 Kudos
Marco_Valenti
Advisor
‎2018-08-21 01:05 AM

Jump to solution

Indeed I have missed that part too early morning here   so seems that is not supported  on a sms sorry for that

0 Kudos
Juan_Carlos
Contributor
‎2018-08-21 04:47 AM
In response to Marco_Valenti

Jump to solution

No problem Smiley Happy

0 Kudos
PhoneBoy
Admin
Admin
‎2018-08-21 04:15 PM

Jump to solution

You just need to add:

 domain "System Data"

To your command.

Juan_Carlos
Contributor
‎2018-08-22 12:46 AM
In response to PhoneBoy

Jump to solution

Hi Dameon,

It's working, thanks for your help 

0 Kudos
Marco_Valenti
Advisor
‎2018-08-22 12:53 AM
In response to PhoneBoy

Jump to solution

a true jedi master advice Smiley Happy

weaamna
Employee Alumnus
Employee Alumnus
‎2019-03-17 06:49 AM
In response to PhoneBoy

Jump to solution 
--domain 'System Data'
0 Kudos
Václav_Brožík
Collaborator
‎2019-06-26 01:57 AM
In response to PhoneBoy

Jump to solution

For me domain "System Data" does not help. I have tested it in R80.10 and R80.20. The API also do not show me any domains:

> show administrators domain "System Data"

code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."


> show administrators --domain "System Data"

code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."


> show domains

objects: []
total: 0

 

0 Kudos
Paul_Hagyard
Collaborator
‎2019-11-28 06:06 PM
In response to Václav_Brožík

Jump to solution

I am guessing the SmartConsole CLI is logged in to a specific domain - and does not let you specify the domain. This is a real pain if you're using a Check Point cloud SmartCenter (e.g. Endpoint Security cloud) as I don't think you can get OS CLI access (they wouldn't want you to...).

0 Kudos