Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Robin_Berthier
Participant

"mgmt_cli login" triggers err_login_failed and only works using "-r true"

Jump to solution

Hi,

I am trying to understand the requirements on the user account in order to connect to the web api without the need to be root.

Running "mgmt_cli login" with an admin user on an R80.20 management server triggers the error err_login_failed (message: Authentication to server failed).

No error is triggered if we use "mgmt_cli -r true" but we want to use session id and avoid logging in as root.

Attached are screenshots showing :

- [api status] the api is up with all access granted

- [user profile] the user (admin) has the "Management API Login" enabled

- [mgmt_cli login outputs] successful when run as root but failing when not using "-r true"

The same admin user account works fine to ssh to the management server or log into SmartDashboard.

Is there any requirement on the authentication method (we use "Checkpoint Password" here) to access the API without the need to be root (-r true)?

Thanks for any hint!

0 Kudos
1 Solution

Accepted Solutions
Robin_Berthier
Participant

Our customer responded and it turns out the issue was due to confusion with regards to "Checkpoint authentication" versus "OS authentication" when attempting to use mgmt_cli

They had 2 user accounts with the same name:

  • one created in the clish
    • with command "add user ..." and role "adminRole"
  • another -same user name- but created in SmartConsole
    • with "Checkpoint Authentication"
    • an administrator with "super user" profile

Each with a different password.

When invoking "mgmt_cli login", they were using the password of the account created in the clish instead of the SmartConsole account.

It took us a while to figure it out but were able to reproduce.

Thanks for hinting the issue was related to the password.

 

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
Does your password have any special characters?
Try creating a different user/password combination (one with a simple password like aaaa) to verify.
0 Kudos
Robin_Berthier
Participant

I asked the customer to check his password for special characters and will update the post as soon as I hear back.

Thank you for the suggestion.

 

0 Kudos
Robin_Berthier
Participant

Our customer responded and it turns out the issue was due to confusion with regards to "Checkpoint authentication" versus "OS authentication" when attempting to use mgmt_cli

They had 2 user accounts with the same name:

  • one created in the clish
    • with command "add user ..." and role "adminRole"
  • another -same user name- but created in SmartConsole
    • with "Checkpoint Authentication"
    • an administrator with "super user" profile

Each with a different password.

When invoking "mgmt_cli login", they were using the password of the account created in the clish instead of the SmartConsole account.

It took us a while to figure it out but were able to reproduce.

Thanks for hinting the issue was related to the password.

 

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
You could create a Gaia OS user and an admin user in SmartConsole with the same name and use "OS Password" as the authentication method.
Then you could use the same password for both users 🙂
In any case, glad you were able to figure it out.