Multi-domain Admin user authentication to AD?
Is there a possibility to use an AD connection to authenticate Admin users for a Multi Domain environment? Currently we use a TACACS solution but this means an additional server in between the MDS and the AD.
- Tags:
- active directory
- mds
Of course you can, with the IA Blade. Admin for MDS means privileged user (Super User), not Domain Admin from AD - just bear that in mind. All written and explained in the R80.xx Management Admin Guide.
P.S. R80.xx has no MDS (R77.xx has), so all you need is Identity for certain users and giving them Super User rights by Management Permissions and Administrators (unless you refer to R77.xx, where it is actually quite similar afaik).
One more thing: if you're talking AD, you're talking LDAP, you know that?
Otherwise TACACS and RADIUS are also supported.
Hi, please refer to sk63166: LDAP Administrator login for GUI Clients.
As I recall this (OS password) used to be an option only for security management installations based on Windows (not GAiA).
/Edit: Please refer to sk145392
Oh yeah, what's in a name: Provider 1, still used in the code? MDS, R77.30 or MDSM for R80.x?
Which one, I don't really care; also, I did not know we were limited to R80 here.
We have our users set up with a TACACS server and we are looking to replace it by a direct connection to an AD server so we can kick the middle man.
I never configured IA on a global level and do not know if it can be done, as that is what I would need to get the ability to check the user with the AD.
We are not talking about WebUI or CLI here but really SmartDashboard or SmartConsole users.
From SK63166 it seems the only option is a RADIUS server, which is again a middleman.
Hi All,
Indeed, currently login to SmartConsole with AD authentication is not supported by default as part of the GA product.
However, we have recently developed a solution that is offered in limited availability due to limitations that might apply to some of the customers.
In order to get this solution you can approach the Check Point solution center. We recommend waiting for R80.30, but in case you need it on top of R80.20 we can also consider it.
Thanks,
Yaelle Harel | Group Manager
Check Point Software Technologies | Management Product
Has this been moved on to the next Jumbo or next version?
Hi,
The feature was released in limited availability, therefore, in order to activate it you should contact solution center.
It doesn't require any additional installation, just activation.
Thank you
Yaelle
Hi
I asked someone from solution center to reply as I'm not familiar with the procedures.
Thanks
Yaelle
@Yaelle_Harel, I've been playing with the AD connection but I'm having some issues getting it to work. I created an LDAP Account Unit with MS-AD config as you would for Identity Awareness.
After this we wanted to make some changes in this configuration but a tcpdump shows that nothing that we change is taking effect.
The only thing we come back to all the time is that an install database is not done to the management servers; the publish is not making any changes.
We have enabled SSL for instance, but the tcpdump just keeps showing the 389 port.
So I think when you enable this you need to be 100% sure your config is done right the first time, as changes done afterwards are not reflected in the working.
@Ofer_Barzvi, please have this option (Install database on the Global policy) enabled ASAP??
Hi Maarten,
Thank you for the important feedback. In order to address your question some more information is needed.
I moved to a new role, but I have sent you the email address of the person who replaced me. You can contact him directly or continue the discussion here, as you prefer.
Thank you
Yaelle
Does anyone know if authentication to an Active Directory for SmartConsole admins without using TACACS or RADIUS is still a secret or is it available in R80.30?
If yes, the following question will be: how can we activate this?
Wolfgang
sk145392: SmartConsole Active Directory Authentication
