This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jameelalsarraj
Participant
‎2020-03-03 01:29 AM
Jump to solution

VPN Client with MFA and LDAP

Hello,

I have an issue with my Gateway, here is the scenario:

- I have some local accounts on the gateway, which are configured to be authenticated via a Radius server

- If I set the Gateway Cluster Properties -> VPN Clients -> Authentication -> Authentication Method to "Username and Password", then LDAP users authenticate successfully, but local accounts fail to authenticate, and that makes sense because the local accounts are configured to authenticate against a Radius server. So no problem here.

-Now, If I set the Authentication Method in the Cluster's properties to "Defined On User Record (Legacy)", the local accounts authenticate successfully (which is normal), but the LDAP accounts fail to authenticate with the reason message in the log: "No pre-shared secret defined for user."

 

If I search for this error message, I find the following link:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

which says, that the Authentication Method on the cluster's properties should match the Authentication Method set in the template used in the LDAP Account Unit, but this is not possible, because the template has no option which says: Defined On User Record !! In another word, the template's Authentication Methods (attached file 1.jpg) are different from the Cluster's properties' Authentication Methods (attached file 2.jpg)te

 

Did someone experience the same issue before? can someone help me here? let me know if you need more information.

 

Thank you and regards,

Jameel

Preview file
24 KB
Preview file
13 KB
0 Kudos
2 Solutions

Accepted Solutions
Ultima_Business
Explorer
‎2020-03-03 07:33 AM
Jump to solution

Uncheck the Use user template and enable the Default authentication scheme and select authentication method you want rather then using what is in the Template.

View solution in original post

0 Kudos
jameelalsarraj
Participant
‎2020-07-23 12:26 AM
In response to jameelalsarraj
Jump to solution

Hi All,

I found the solution of the other issue with random passwords.

In LDAP Account Unit, "Object Management" tab, "Branches in use" section, there was a "space" after the entry of the OU, in which the users were able to authenticate with random passwords.

 

After I removed the additional space, the users are able again to authenticate only with their correct passwords.

This is a bug in Checkpoint and they are working on fixing this error and will release a new hotfix for that particular issue.

View solution in original post

0 Kudos
5 Replies
Ultima_Business
Explorer
‎2020-03-03 07:33 AM
Jump to solution

Uncheck the Use user template and enable the Default authentication scheme and select authentication method you want rather then using what is in the Template.

0 Kudos
jameelalsarraj
Participant
‎2020-04-30 12:21 PM
In response to Ultima_Business
Jump to solution

I've sorry for the late response.

 

I've changed it as suggested and it worked, thank you.

But now I have another issue, that some of our users are authenticating and connecting even with random passwords !!! what could be the issue here?

0 Kudos
Muhamad_Aizat_R
Participant
‎2020-07-22 11:17 AM
In response to Ultima_Business
Jump to solution

Hi, Sorry for asking this, what is the function of the User's default values setup ? what do i need to choose either one or can leave the section blank ?

Hope you guys can helpme understand the setting function.

 

Thanks

0 Kudos
jameelalsarraj
Participant
‎2020-07-23 12:23 AM
In response to Muhamad_Aizat_R
Jump to solution

Hi Muhamad,

Which value do you mean? can you please send a screenshot of the value you want to set?

0 Kudos
jameelalsarraj
Participant
‎2020-07-23 12:26 AM
In response to jameelalsarraj
Jump to solution

Hi All,

I found the solution of the other issue with random passwords.

In LDAP Account Unit, "Object Management" tab, "Branches in use" section, there was a "space" after the entry of the OU, in which the users were able to authenticate with random passwords.

 

After I removed the additional space, the users are able again to authenticate only with their correct passwords.

This is a bug in Checkpoint and they are working on fixing this error and will release a new hotfix for that particular issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events