- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- RemoteAccess Users view password or export account...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RemoteAccess Users view password or export accounts
Hi everbody
I have some RemoteAccess users (30) authentified by "Check Point Password" on a Firewall. I need to create some same users (6) on another Firewall (not the same management). Is it possible to view in clear the 6 passwords or to export/import the 6 accounts (name/password).
Thank you for your help.
Laurent
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be able to do it with dbedit with something like "show users username".
A hash of the password will be exported (not the clear text)--not sure if that can be imported into another system (haven't tried it yet).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, This is how it looks on R77.30 (no hash, no plain-text password):
dbedit> print users admin
Object Name: admin
Object UID: {9813617A-70C8-4DF6-ADA6-A4BD87FCE69B}
Class Name: user
Table Name: users
Last Modified by: admin
Last Modified from:
Last Modification time: Sun Sep 9 08:18:44 2018
Fields Details
--------------
accessible_from_smc: true
admin_expiration_base_data: admin (
expiration_date: 31-dec-2030
expiration_date_method: expire at
expiration_date_visual_notif: true
)
administrator: false
administrator_profile: NULL
auth_method: Internal Password
color: black
comments:
connection_state: uninitialized
creation_date: 8/27/2018
days: 127
destinations: Name: Any (Table: globals)
email:
expiration_according_to_global_def: true
expiration_visual_indication_mgmt: true
fromhour: 00:00
generic_profile: false
generic_profile_settings: (
<NULL>
)
groups: Name: TESTING (Table: users)
internal_password: Sensitive Info Removed
name: admin
notdelete: false
phone_number:
radius_server: Name: Any (Table: globals)
sic_identifier: (
id_type: ip_addr
id_value:
)
sic_name:
sources: Name: Any (Table: globals)
tacacs_server: Name: Any (Table: globals)
tohour: 23:59
type: user
use_fw_radius_if_exist: true
userc: (
FWZ: (
<NULL>
)
IKE: (
isakmp.authmethods: signatures
isakmp.data.integrity: SHA1
isakmp.encmethods: DES 3DES
isakmp.encryption: 3DES
isakmp.hashmethods: MD5 SHA1
isakmp.shared.secret:
isakmp.transform: ESP
)
accept_track: Name: Auth (Table: tracks)
use_global_encryption_values: true
)
And from GuiDBedit:
So the password (in hash), must be stored in some database.
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R77.30:
The hashes for Remote Access users should be stored in following file:
/var/opt/CPsuite-R77/fw1/conf/fwauth.NDB
The hashes (internal_password) are 13 characters long.
But maybe the better way how to accomplish your plan (to export users) is to use migrate export utility from management.
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Thank you for the information about dbedit. If I use the migrate export utility how can I import the 6 users account only in the other Firewall ?
Regards
Laurent
