Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Marko_Keca
Contributor
Jump to solution

Expired Accounts view in R80.10 SmartConsole

Hello all, can anyone point me where can Expired Accounts be found in R80.10 SmartConsole?

In R77.30 SmartDashboard it was in status bar.

Thanks in advance!

Regards,

--

Marko

1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor

Hi everyone,

We will bring this feature to the Object Explorer in our next releases.

Indeed there are workarounds for now using dbedit CLI as well as opening SmartDashboard from a link such as the HTTPS Inspection etc. and then seeing it in the Object List - but these are workarounds, not our permanent solution.

Thank you for this feedback.

View solution in original post

29 Replies
Jerry
Mentor
Mentor

it depends if you use IA (Identity Awarness Blade) or just Management Account (those can be found in Management Administrators

Jerry
0 Kudos
Marko_Keca
Contributor

We are using IA Blade, but user accounts with expiration set are local user accounts used for VPN access, not Management Administrators.

0 Kudos
Jerry
Mentor
Mentor

Open Object Explorer from the TOP Menu and search for Users/Groups Smiley Happy

Jerry
0 Kudos
Marko_Keca
Contributor

If it would be so simple I wouldn't ask the question in first place Smiley Happy

In Objects Explorer there is no column "Expiration date" or similar, which would be more than helpful

0 Kudos
Jerry
Mentor
Mentor

sorry didn’t meant to insult or imply anything just wanted to help  by giving a hint

now when you confirm that the question remains whether you guys use RADIUS or not ?

when you click that Expired Account on the bottom what does it say?

Jerry
0 Kudos
Marko_Keca
Contributor

No insult taken. Just wanted to say I have exhausted all options I could find including CLI API, prior to asking question here.

All users are locally defined on Management server.

In R80.10 there is no Expired Account on bottom.

In R77.30 it opens window like this:

The only way I could see something similar i R80.10 is to open Mobile Access configuration, which opens old fashioned SmartDashboard, and then in Object List choose Users and Administrators, and sort it by expiration date.

My question is if there is a way to do it directly from R80.10 SmartConsole? I can't find how to do it.

0 Kudos
Jerry
Mentor
Mentor

I got it so it effectively means your users were created for MAB not for using Management bit. Fine. So in terms of that there is no way you could see those users in new R80.10 as that build uses the same old-fashion way of MAB Management too.

When you on R80.10 and you use Mobile Access Blade your Management for those using it including users, their certs (those can be done also from R80.10 Users Management) is mainly via R77.30 Style Dashboard which comes up when you click it down on the Management Tab. So answering your question - no, you cannot manage those users from R80.10 SmartConsol as it redirects you anyway to old-style Dash with MAB Tab management.

hope it sorted it out Smiley Happy

Jerry

Jerry
0 Kudos
Marko_Keca
Contributor

Unfortunately not as we are not using MAB at all.

I just use the link in SmartConsole to launch old SmartDashboard and get Object List to see expired users. It is only workaround for something I should be able to see from SmartConsole itself.

Users and passwords are created thorough SmartConsole, and every user has expiration date set. Even if don't use it in any blade, any rule, I would like to see which ones are expired without opening each one of them.

Thanks for your help and suggestions! I don't mean to offend you, but I'm not sure you are getting the point what I'm asking

So I will rephrase my question:

Is it possible to see User account expiration field for multiple users at once in SmartConsole, without opening View for each user separately?

0 Kudos
Jerry
Mentor
Mentor

alright then, I don't see any other option Marko and frankly I don't think there is any other than you've mentioned.

I tried the same in my lab just now and I see no option to see that by R80.10 SmartConsole I'm afraid.

Sorry to disappoint you but I think you're correct. The only way of doing what's your aim is to do that the way you just did explain.

Jerry
0 Kudos
JozkoMrkvicka
Authority
Authority

There is Global Properties settings for notification about expiration of UA:

Also this check is part of Compliance Blade, but there is in fact no information about specific Users, just expiration based on settings on Global Settings at all.+

That notification about accounts which are going to be expired in 14 days .... is missing....

Kind regards,
Jozko Mrkvicka
0 Kudos
Jerry
Mentor
Mentor

wrong! it wasn’t about Administrators but regular users Smiley Happy

Jerry
0 Kudos
JozkoMrkvicka
Authority
Authority

I have meanwhile updated my comment 

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Authority
Authority

Workaround using CLI:

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/ //' | sed 's/        //'

Output from this command will be:

testing_user 1
14-Jun-2017
User_new
14-Aug-2018
User1
05-Aug-2018
user with space in the Name1
31-dec-2030

Compared with GUI:

Kind regards,
Jozko Mrkvicka
0 Kudos
Marko_Keca
Contributor

Thanks Jozko for CLI command!

I have improved it a little bit to get more formatted output:

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/ //' | awk 'NR==1&&!/^ /{n=$0}NR!=1&&!/^ /{print n,p; n=$0; p="";}/^ /{p=p";"$0;}END{print n,p;}' | sed 's/        //' | sed 's/ ;/;/'
Realeboga_Mashi
Contributor

Marko, can you output that to a text file?

0 Kudos
Realeboga_Mashi
Contributor

Thanks Jozko, to where does this command output the file to?

Below is the command I usually execute to extract all locally defined users:

==>   fwm dbexport -f /tmp/VPN_Users_.xls

Then I will FTP the file out of the Manager to a desired location.

0 Kudos
JozkoMrkvicka
Authority
Authority
Just replace /path/to/folder/ to the desired location

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/ //' | sed 's/        //' > /path/to/folder/users_expiration_dates.txt
Kind regards,
Jozko Mrkvicka
0 Kudos
Realeboga_Mashi
Contributor

Thank you...works like a charm.

I managed to extract the report.

Realeboga_Mashi
Contributor

I'd like to do some formatting of the text file...how can I have the user name and the expiry date on the same line?

0 Kudos
Realeboga_Mashi
Contributor

Jozko, can you please add another field "comment" to the query?

0 Kudos
JozkoMrkvicka
Authority
Authority

Just replace /path/to/folder/users_expiration_dates.txt to the desired location.

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:|comments: ' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/comments://g' | sed 's/ //' | sed 's/        //' | sed 's/    //' | paste -d' ' - - - > /path/to/folder/users_expiration_dates.txt‍

Every user + expiration date + comment is in the separate line.

Kind regards,
Jozko Mrkvicka
Realeboga_Mashi
Contributor

Thank you Jozko, this is very powerful! Thanks again - you made my day.

Tomer_Sole
Mentor
Mentor

Hi everyone,

We will bring this feature to the Object Explorer in our next releases.

Indeed there are workarounds for now using dbedit CLI as well as opening SmartDashboard from a link such as the HTTPS Inspection etc. and then seeing it in the Object List - but these are workarounds, not our permanent solution.

Thank you for this feedback.

Marko_Keca
Contributor

Thanks Tomer for the info.

0 Kudos
abihsot__
Advisor

Hi Tomer,

any estimate? It's been for a while...

0 Kudos
skippy_jeans407
Explorer

We are on R80.20 and this is still an issue. Is there any fix coming?

0 Kudos
PhoneBoy
Admin
Admin

Expiration date shows in Object Explorer from R80.20 onward.
Click on Objects in the upper left and select Object Explorer.
Then choose Users > Users.

Screen Shot 2020-01-07 at 5.22.05 PM.png

0 Kudos
Roman_Petry
Participant

Hi. Thanks for those posts here. But how do i Update all the Users in one Bulk Update via the gui.. I can see all Infos in the Object Explorer, but can only change this for one object at the same time.. i need to modify 300 Users.

Any hint for me.. Thanks

bye

roman

0 Kudos
PhoneBoy
Admin
Admin

Can’t be done via SmartConsole but can be scripted via the API.
See: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Change-expiration-date-of-users-u...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events