This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Steve_Pearson
Contributor
2 weeks ago

New LDAP Account Unit and Radius Server

I am looking at testing a new Radius server to replace an existing third party one that is being removed from the environment. The replacement is a Microsoft NPS server, but i'm not overly familiar with this.

So I'm looking for a way to test this without removing or changing the current LDAP Account unit and Radius server objects, hence creating new ones, however i'm not sure the best way forward. Firstly nobody seems to know the password for the SSO account in AD, so that will need to be changed, but hopefully once updated on the existing objects this won't cause a problem. Once thats done, I can create the new ones but not sure how to configure the NPS side.

I've seen articles about configuring it for use with Gaia, but this is for use with Identity Awareness agents so not sure if that will be the same.

Can anyone point me in the right direction or to an SK that details this at all please?

It would also be nice to use encrypted authentication rather than simple PAP.

Thanks,

Steve

0 Kudos
4 Replies
the_rock
Legend
Legend
2 weeks ago

Hey Steve,

I read your post carefully and in my mind, the way Im looking at this is as long as new ldap account unit you create in smart console, if server referenced has connection to the gateway, it can be tested that way, without having to make authentication mandatory, at least for the time being.

Now, since you said no one seems to know SSO password, then making that work in smart console would be an issue. Doing tcpdump on port 1812 would be easiest way to see if this would function, but again, thats only if communication is there, otherwise it will fail.

Lets see if someone else may have an idea.

Andy

0 Kudos
the_rock
Legend
Legend
2 weeks ago

Hey Steve,

I had similar ask today from a customer, but in regards to remote access. I ended up opening TAC case, since I find its always better to have those things in writting. Probably would not hurt if you do the same, hopefully they can provide good suggestions.

Andy

0 Kudos
Steve_Pearson
Contributor
2 weeks ago
In response to the_rock

Hi Andy,

I was thinking the same thing, but first I wanted to sort the password issue out so I got this reset last night and applied the password to the config. That looks good, no issues reported so far, both RA and IA that use the Account unit are working normally, so I'm going to open a TAC case today to see if they can provide the required info.

Steve

0 Kudos
the_rock
Legend
Legend
2 weeks ago
In response to Steve_Pearson

Good idea Steve!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events