This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jan_Kleinhans
Advisor
‎2020-08-05 02:50 AM
Jump to solution

Machine Authentication Certificate and User Authentication RADIUS

Hello,

we try to implement machine authentication to have the Windows Clients connect before the User Enters his credentials.

At the moment we are using RADIUS 2FA authentication. 

How to have the client send the certificate and then ask the user via SDL for RADIUS authentication?

We have enabled Machine Certificate Authentication when Available under VPN-Clients - Authentication.

There is a certificate on the client.

The authentication method is set to "Defined on User Record (Legacy)"

In the attached file are the settings of realms_for_blades

 

What do we have to change to use this feature?

 

Best regards,

 

Jan

realms_for_blades.png
Preview file
32 KB
0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2020-08-05 03:15 AM
Jump to solution

See sk86240: "Defined on user" scheme does not work with a second authentication scheme (except for DynamicID).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-08-05 03:15 AM
Jump to solution

See sk86240: "Defined on user" scheme does not work with a second authentication scheme (except for DynamicID).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Jan_Kleinhans
Advisor
‎2020-08-06 02:55 AM
In response to G_W_Albrecht
Jump to solution

Thank you very much. At the moment I will not be able to test this but this should be the problem.

0 Kudos
Milan_Jovanovic
Contributor
‎2020-10-21 03:32 AM
In response to G_W_Albrecht
Jump to solution

Hi Albrecht,

Regarding  solution on Machine Cert I have few questions:

When we implement Machine Cert is it possible at same time for some LDAP AD users for example in specific group or OU to use just AD user pass authentication without Machine Cert?

 When we implement Machine Cert are we able to authenticate with mobile device (Android,IOS etc) with endpoint client using same AD user for which is mandatory machine cert?

When we use AD + machine cert auth is it possible in same time for some users to use Local defined in SMS user+cert+pass endpoint authentication?

If answers are yes on this questions, can all of this function in same time?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top