
VPN Client with MFA and LDAP


Hello,

I have an issue with my Gateway, here is the scenario:

- I have some local accounts on the gateway, which are configured to be authenticated via a RADIUS server

- If I set the Gateway Cluster Properties -> VPN Clients -> Authentication -> Authentication Method to "Username and Password", then LDAP users authenticate successfully, but local accounts fail to authenticate, and that makes sense because the local accounts are configured to authenticate against a RADIUS server. So no problem here.

- Now, if I set the Authentication Method in the Cluster's properties to "Defined On User Record (Legacy)", the local accounts authenticate successfully (which is normal), but the LDAP accounts fail to authenticate with the reason message in the log: "No pre-shared secret defined for user."


If I search for this error message, I find the following link:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

which says that the Authentication Method in the cluster's properties should match the Authentication Method set in the template used in the LDAP Account Unit, but this is not possible, because the template has no option which says "Defined On User Record"!! In other words, the template's Authentication Methods (attached file 1.jpg) are different from the Cluster's properties' Authentication Methods (attached file 2.jpg).


Did someone experience the same issue before? Can someone help me here? Let me know if you need more information.


Thank you and regards,

Jameel


Uncheck "Use user template", enable "Default authentication scheme" and select the authentication method you want, rather than using what is in the template.


I'm sorry for the late response.

I've changed it as suggested and it worked, thank you.

But now I have another issue: some of our users are authenticating and connecting even with random passwords!!! What could be the issue here?


Hi, sorry for asking this, but what is the function of the "User's default values" setup? Do I need to choose one of the options, or can I leave the section blank?

Hope you guys can help me understand the function of this setting.


Thanks


Hi Muhamad,

Which value do you mean? Can you please send a screenshot of the value you want to set?


Hi All,

I found the solution to the other issue with random passwords.

In the LDAP Account Unit, "Object Management" tab, "Branches in use" section, there was a "space" after the entry of the OU, with which the users were able to authenticate with random passwords.


After I removed the additional space, the users are able again to authenticate only with their correct passwords.

This is a bug in Check Point and they are working on fixing this error and will release a new hotfix for that particular issue.

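As an added example (not from this thread, and not Check Point's own tooling), a small Python check that audits a constructed list of "Branches in use" DN entries for the kind of stray whitespace described in the last post; the sample DNs and helper names are assumptions, not values from the page.

```python
import re
from typing import List, Tuple

# Constructed sample of what a "Branches in use" list might contain.
# The second entry carries the trailing space the thread describes.
SAMPLE_BRANCHES = [
    "ou=VPN Users,dc=example,dc=com",
    "ou=Contractors,dc=example,dc=com ",
    " ou=Staff,dc=example,dc=com",
    "ou=Staff, dc=example,dc=com",
]

# Split a DN on commas that are not backslash-escaped (RFC 4514 style).
_RDN_SPLIT = re.compile(r"(?<!\\),")


def normalize_dn(dn: str) -> str:
    """Canonical form: trimmed RDNs, lowercase attribute types, no stray spaces."""
    parts = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        parts.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(parts)


def audit_branches(entries: List[str]) -> List[Tuple[str, str]]:
    """Return (entry, problem) pairs for entries that differ from their canonical DN.

    Any finding should be corrected in the Account Unit and then confirmed with a
    negative login test (a wrong password must be rejected), as the thread shows
    that a mismatched branch entry can silently change authentication behaviour.
    """
    findings = []
    seen = {}
    for entry in entries:
        if entry != entry.strip():
            findings.append((entry, "leading/trailing whitespace"))
        elif any(rdn != rdn.strip() for rdn in _RDN_SPLIT.split(entry)):
            findings.append((entry, "whitespace around an RDN separator"))
        canonical = normalize_dn(entry)
        if canonical in seen and seen[canonical] != entry:
            findings.append((entry, f"duplicate of {seen[canonical]!r} after normalization"))
        seen.setdefault(canonical, entry)
    return findings
```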