Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nasa
Participant

Is administrator login to manager via groups on tacacs or radius or ldap possible ?

I try to figure out if there is really no way to setup administrator authentication and autorization via groups.

Documentation shows only authentication via multiple authentication backends like radius, tacacs ... unfortunatley no ldap.

And even worse, every administrator account needs to be configured one by one, instead there will be one object per admin authrorization profile, that can be mapped to e.g. a radius attribute... or tacacs attribute... ..or ldap groupd but ldap is not mentioned for admin auth.

Configuring Authentication Methods for Administrators (checkpoint.com)

For users there is a way to authenticate them via ldap and maybe also some grouping, but for administrators I can not find anything. So I have to add/remove admin users name by name regularly on the management server, even if the user is on the backend (ldap) added/removed.

Does someone have more information on that topic ?

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

If you are talking about admins or ho connect via SmartConsole, you are correct.
Individual admins must be created.

R81.20 will allow authentication via SAML.
Not sure if that will also allow for defining a group of admins (versus defining individual users). 

nasa
Participant

Thank's a lot,

unfortunately we have to live with the overhead on user creation on backend (ldap) and on manager(s) for admin users.

0 Kudos