This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Steve_Pearson
Collaborator
3 weeks ago
Jump to solution

New LDAP Account Unit and Radius Server

I am looking at testing a new Radius server to replace an existing third party one that is being removed from the environment. The replacement is a Microsoft NPS server, but i'm not overly familiar with this.

So I'm looking for a way to test this without removing or changing the current LDAP Account unit and Radius server objects, hence creating new ones, however i'm not sure the best way forward. Firstly nobody seems to know the password for the SSO account in AD, so that will need to be changed, but hopefully once updated on the existing objects this won't cause a problem. Once thats done, I can create the new ones but not sure how to configure the NPS side.

I've seen articles about configuring it for use with Gaia, but this is for use with Identity Awareness agents so not sure if that will be the same.

Can anyone point me in the right direction or to an SK that details this at all please?

It would also be nice to use encrypted authentication rather than simple PAP.

Thanks,

Steve

0 Kudos
1 Solution

Accepted Solutions
Steve_Pearson
Collaborator
a week ago
In response to the_rock
Jump to solution

Morning Andy,

I have this sorted now, but have discovered a couple of things you may be interested to know.....

There is a bug in SmartConsole build 671 whereby if you open an account unit object and as much as click on the Object management tab then you can't save any changes you've made. Even if you don't change anything, you will not be able to click OK to come out again as it doesn't read the branches. TAC confirmed this is an issue.

Secondly, SmartConsole does not play nicely if you change the screen scale to anything above 100% in the windows display  settings. There is nothing obvious but on certain screens it doesn't display the forms properly. (for example, Cluster properties, Identity Awareness, Identity Agent Settings, Authentication Settings, there is a little table listing the user directories, with Green/Red +/- buttons to the right side. If you have the screen scale above 100% these buttons will not be visible !!)

Regards,

Steve

View solution in original post

9 Replies
the_rock
MVP Gold
MVP Gold
3 weeks ago
Jump to solution

Hey Steve,

I read your post carefully and in my mind, the way Im looking at this is as long as new ldap account unit you create in smart console, if server referenced has connection to the gateway, it can be tested that way, without having to make authentication mandatory, at least for the time being.

Now, since you said no one seems to know SSO password, then making that work in smart console would be an issue. Doing tcpdump on port 1812 would be easiest way to see if this would function, but again, thats only if communication is there, otherwise it will fail.

Lets see if someone else may have an idea.

Andy

0 Kudos
the_rock
MVP Gold
MVP Gold
3 weeks ago
Jump to solution

Hey Steve,

I had similar ask today from a customer, but in regards to remote access. I ended up opening TAC case, since I find its always better to have those things in writting. Probably would not hurt if you do the same, hopefully they can provide good suggestions.

Andy

0 Kudos
Steve_Pearson
Collaborator
3 weeks ago
In response to the_rock
Jump to solution

Hi Andy,

I was thinking the same thing, but first I wanted to sort the password issue out so I got this reset last night and applied the password to the config. That looks good, no issues reported so far, both RA and IA that use the Account unit are working normally, so I'm going to open a TAC case today to see if they can provide the required info.

Steve

0 Kudos
the_rock
MVP Gold
MVP Gold
3 weeks ago
In response to Steve_Pearson
Jump to solution

Good idea Steve!

0 Kudos
Steve_Pearson
Collaborator
a week ago
In response to the_rock
Jump to solution

Morning Andy,

I have this sorted now, but have discovered a couple of things you may be interested to know.....

There is a bug in SmartConsole build 671 whereby if you open an account unit object and as much as click on the Object management tab then you can't save any changes you've made. Even if you don't change anything, you will not be able to click OK to come out again as it doesn't read the branches. TAC confirmed this is an issue.

Secondly, SmartConsole does not play nicely if you change the screen scale to anything above 100% in the windows display  settings. There is nothing obvious but on certain screens it doesn't display the forms properly. (for example, Cluster properties, Identity Awareness, Identity Agent Settings, Authentication Settings, there is a little table listing the user directories, with Green/Red +/- buttons to the right side. If you have the screen scale above 100% these buttons will not be visible !!)

Regards,

Steve

the_rock
MVP Gold
MVP Gold
a week ago
In response to Steve_Pearson
Jump to solution

Excellent Steve, thanks for letting us know!

Andy

0 Kudos
the_rock
MVP Gold
MVP Gold
a week ago
In response to Steve_Pearson
Jump to solution

Btw Steve, I just tested that smart console build in the lab, did not have that issue...I am on win 11.

Andy

0 Kudos
Steve_Pearson
Collaborator
a week ago
In response to the_rock
Jump to solution

Which issue were you testing?

I'm on Win 11 SC build 671, on a Dell Pro Max 18 laptop

0 Kudos
the_rock
MVP Gold
MVP Gold
a week ago
In response to Steve_Pearson
Jump to solution

What you described below...

Andy

There is a bug in SmartConsole build 671 whereby if you open an account unit object and as much as click on the Object management tab then you can't save any changes you've made. Even if you don't change anything, you will not be able to click OK to come out again as it doesn't read the branches. TAC confirmed this is an issue.

Secondly, SmartConsole does not play nicely if you change the screen scale to anything above 100% in the windows display  settings. There is nothing obvious but on certain screens it doesn't display the forms properly. (for example, Cluster properties, Identity Awareness, Identity Agent Settings, Authentication Settings, there is a little table listing the user directories, with Green/Red +/- buttons to the right side. If you have the screen scale above 100% these buttons will not be visible !!)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events