This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Juan_Carlos
Contributor
‎2018-08-20 11:34 PM
Jump to solution

Automate Administrators creation on R80.10 SMS

Hello,

I need to find a way to automate Administrators creation with RADIUS authentication on several Security Sanagement Servers. I don't want the RADIUS administrator to connect on each Security Management Server to creates the Administrators (he is not allowed to do that). I have tried to use the API but unfortunately I got the following message telling me it's not supported :


[sms]# mgmt_cli --port <PORT> -u <USER> -p <PASSWORD> add administrator name "<NAME>" authentication-method "radius" radius-server "<RADIUS_SERVER>"
code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."

Executed command failed. Changes are discarded.
[sms]#


Any idea/trick that I could use to achieve what I want to do?

Thanks Smiley Happy

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-08-21 04:15 PM
Jump to solution

You just need to add:

 domain "System Data"

To your command.

View solution in original post

10 Replies
Marco_Valenti
Advisor
‎2018-08-21 12:10 AM
Jump to solution

As the command say this syntax should be used for multi domain env , if you have a smart center you probably need to fix the syntax of this command seems that a permission profile is missing too

Those are example from the api reference

add-administrator

Command

add administrator name "admin" password "secret" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "INTERNAL_PASSWORD" permissions-profile "read write all" --format json  • "--format json" is optional. By default the output is presented in plain text.  • This command is available using the SmartConsole CLI only on a Multi Domain environment and when logged into the MDS domain.

add-administrator (domain super user) in MDM

Command

add administrator name "super_admin" password "aaaa" must-change-password false email "admin@gmail.com" phone-number "1800-800-800" authentication-method "INTERNAL_PASSWORD" multi-domain-profile "domain super user" --format json  • "--format json" is optional. By default the output is presented in plain text.  • This command is available using the SmartConsole CLI only on a Multi Domain environment and when logged into the MDS domain.

0 Kudos
Juan_Carlos
Contributor
‎2018-08-21 12:43 AM
In response to Marco_Valenti
Jump to solution

Hello Marco,

Thanks for your quick reply.

I'm not sure I understand what you mean. Even if specifying a permission profile, the examples from the API reference guide says that this "is available using the SmartConsole CLI only on a Multi Domain environment". So it won't work on a SMS

Did I miss something? Smiley Happy

0 Kudos
Marco_Valenti
Advisor
‎2018-08-21 01:05 AM
Jump to solution

Indeed I have missed that part too early morning here   so seems that is not supported  on a sms sorry for that

0 Kudos
Juan_Carlos
Contributor
‎2018-08-21 04:47 AM
In response to Marco_Valenti
Jump to solution

No problem Smiley Happy

0 Kudos
PhoneBoy
Admin
Admin
‎2018-08-21 04:15 PM
Jump to solution

You just need to add:

 domain "System Data"

To your command.

Juan_Carlos
Contributor
‎2018-08-22 12:46 AM
In response to PhoneBoy
Jump to solution

Hi Dameon,

It's working, thanks for your help 

0 Kudos
Marco_Valenti
Advisor
‎2018-08-22 12:53 AM
In response to PhoneBoy
Jump to solution

a true jedi master advice Smiley Happy

weaamna
Employee Alumnus
Employee Alumnus
‎2019-03-17 06:49 AM
In response to PhoneBoy
Jump to solution 

--domain 'System Data'
0 Kudos
Václav_Brožík
Collaborator
‎2019-06-26 01:57 AM
In response to PhoneBoy
Jump to solution

For me domain "System Data" does not help. I have tested it in R80.10 and R80.20. The API also do not show me any domains:

> show administrators domain "System Data"

code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."


> show administrators --domain "System Data"

code: "err_inappropriate_domain_type"
message: "This command can work only on domains of type MDS. Cannot execute it in the current domain (current domain type is Domain)."


> show domains

objects: []
total: 0

 

0 Kudos
Paul_Hagyard
Advisor
‎2019-11-28 06:06 PM
In response to Václav_Brožík
Jump to solution

I am guessing the SmartConsole CLI is logged in to a specific domain - and does not let you specify the domain. This is a real pain if you're using a Check Point cloud SmartCenter (e.g. Endpoint Security cloud) as I don't think you can get OS CLI access (they wouldn't want you to...).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events