Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LM_51
Explorer

CheckPoint - Issue with command: show users

Hello all,

We are facing a problem when using a (service user - with admin rights) that connects via Radius server for a Checkpoint Device 1 and after execute the command (in clish mode): show users  it logout with any error message.

Checkpoint device is on Version R81.10 Kernel: 3.10.0-957.21.3cpx86_64.

Also, on this Checkpoint Device 1 if we log wiht our regular Radius users (with admin rights), and we execute the same command (in clish mode): show users, it list the users but we get a "Segmentation fault" message at the end of the users list.

On the other hand, we have other Checkpoint Device 2 with exactly the same version and same Kernel, and it works with the same  (service user - with admin rights) and with our regular Radius users.

 

Any ideas/solutions ?

We will appreciate.

 

  

0 Kudos
9 Replies
PhoneBoy
Admin
Admin

Recommend a TAC case here: https://help.checkpoint.com

0 Kudos
Chris_Atkinson
Employee Employee
Employee

How does the installed Jumbo (JHF) take differ between the two machines if at all?

 

CCSM R77/R80/ELITE
0 Kudos
nehakakar
Participant

The issue you're facing with the "show users" command on Checkpoint Device 1, causing a logout and segmentation fault, may be related to configuration or permission settings. I recommend checking the service user's configuration, verifying the Radius server settings, and comparing the configuration between Device 1 and Device 2. If the problem persists, contact Check Point support for further assistance.

LMartins
Participant

Hello nehakakar,

I think I found the problem regarding this link on Check Point:  https://support.checkpoint.com/results/sk/sk153952 

clish -c "show users" -d 5 > users_debug.txt

queryFPCandLOU(user=halt, loutoo=1)
FPC results: exp=n adm=n pol=n days=90
LOU results: exp=n adm=n pol=n tal=n non=n
Segmentation fault

The user that was causing the problem is the user "halt" /sbin/halt, my question is:

We can't delete and create this user again, right ?

Any ideas ?

Thanks in advance.

0 Kudos
the_rock
Legend
Legend

I think what @nehakakar said makes perfect sense.

Andy

LMartins
Participant

Hello,

I think I found the problem regarding this link on Check Point:  https://support.checkpoint.com/results/sk/sk153952 

clish -c "show users" -d 5 > users_debug.txt

queryFPCandLOU(user=halt, loutoo=1)
FPC results: exp=n adm=n pol=n days=90
LOU results: exp=n adm=n pol=n tal=n non=n
Segmentation fault

The user that was causing the problem is the user "halt" /sbin/halt, my question is:

We can't delete and create this user again, right ?

Any ideas ?

Thanks in advance.

0 Kudos
PhoneBoy
Admin
Admin

"halt" is one of our default users that cannot be disabled/removed: https://support.checkpoint.com/results/sk/sk98678
As I suggested earlier, please consult with the TAC: https://help.checkpoint.com 

LMartins
Participant

Thank you for your answer.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

sk153952 is only valid for EOL R80.10, so contacting CP TAC is the right suggestion here...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events