This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AkiYa
Contributor
‎2023-07-08 07:50 AM

Remote Access VPN with MFA - cannot change password

Hi guys,

some months ago our supplier configured the Remote Access VPN to authenticate through a Radius server (Microsoft NPS) -> Azure in order to use the Microsoft Authenticator app on the phone as MFA.
Everything works as expected but when it comes to change the password users don't get any message and field to change it, the error is always "wrong username or password".

Compared to the old Username_Password method, directly managed by the firewall that can write to the DC, now if a password is expired or an admin force the change at the next login, users can't do nothing.

For what I see the supplier configured the radius protocol on the SMS as PAP instead of MS-CHAPv2, which should be the reason why the password change is not allowed, is it right?

I told them about this and after some tests they answered that the Check Point Endpoint Connect client doesn't support the password change when using Radius, but I'm still not convinced.

Can you please confirm if the password change is supported in this configuration?
If yes it would be nice to have a guide or something.

Thanks!

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-07-09 08:24 AM

To the best of my knowledge, this is not supported and would require an RFE with your local Check Point office.
You may want to confirm with the TAC, though: https://help.checkpoint.com 

0 Kudos
daniextremo
Explorer
‎2023-10-27 05:39 AM

Hi Akiya,

Since time ago, I have the same problem with externals users. The vpn AD User password expire and they need call us for set a new password. Did you get a solution?

Regards

0 Kudos
AkiYa
Contributor
‎2023-10-30 04:25 AM
In response to daniextremo

Hi @daniextremo ,

no, unfortunately as absurd as it may be the Radius MFA doesn't support the password change, so we decided to move forward to Azure SAML authentication (which leads to other minor issues, but at least it make possible to change the password for users).

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top