
Check Point Radius Access to SmartConsole with no local user

Hi CheckMates,

I am looking into RADIUS authentication of an AD user to allow login to SmartDashboard.

Is it possible to give an AD user access to SmartDashboard using RADIUS without having to add it first in Manage & Settings -> Permissions & Administrators -> Administrators?

My wish is to have a group in Active Directory that I can add an AD user to, and then he/she can log in to the SmartDashboard.

If that is not possible and I HAVE TO use a local user, then I want to associate one Check Point local user (it could be a user called radius_admin) with all users that try to log in to the SmartDashboard. If the user is approved in AD/RADIUS, then the login is allowed. Can this be done?


Best regards

Keld Norman

0 Kudos
3 Replies
Nüüül
Copper

Re: Check Point Radius Access to SmartConsole with no local user

Hi,

Two years ago I tried a similar thing on 77.20 and ended up creating the users and authorizing them with the built-in groups. The password came from RADIUS.

Regarding this:

Security Management R80.20 Administration Guide

It did not change, neither for TACACS nor SecurID.

Cheers,

Daniel

Re: Check Point Radius Access to SmartConsole with no local user

Thanks Daniel Meier :)

Was it for administrators to access the SmartDashboard that you made that setup? Or for VPN or other services for users?

By the way, a note about RADIUS for SSH and WebGUI access:

I found that the setup in the WebGUI only supports PAP by default (also known as RFC 1334), where credentials are transmitted from the RADIUS client in plain text, or rather, it XORs the password with an MD5 hash based on the shared secret and transmits that to the RADIUS server.

(So I did not configure that, to avoid creating a security risk and failing compliance checks.)

0 Kudos
Nüüül
Copper

Re: Check Point Radius Access to SmartConsole with no local user

Hi,

I did it for authenticating administrators. Ended up with SafeNet Token Authentication :)

For VPN I either ended up with LDAP only, or using a Cisco ASA, as it is more flexible.

Cheers

Daniel

0 Kudos