Hi i am running Gaia 80.20 and configured radius authentication to an RSA radius server. The authentication works.via ssh logs me into clish where i can proceed to expert and sudo su -. The problem i have is via Web UI the authentication is accepted but the Web UI never loads just the revolving circle until the session expires. Local admin web UI is fine.
This is the first deployment of R80.20 so i may have missed something unknowingly. I had Radius working previously since R75 but had to add the local accounts for radius to work. This was resolved in R76 i'm informed :-)
I have the following set on my Radius profile.
CP-Gaia-SuperUser-Access = 1
CP-Gaia-User-Role = "adminrole, radius-group-any"
output from /var/log/messages
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t -volatile:mrma:users:user:USER123:pid
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:pid 3425
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:pid:3425 USER123
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:ppid:3425 0
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:access_mechanism:Web t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:access_mechanism:CLI t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123 t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:"adminrole t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:"adminrole:domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any" t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any":domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any:domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:su t
Dec 4 15:24:21 2018 Gateway1 httpauth: pam_radius_auth: Non local user 'USER123' will be in 'superusr' and have root access
Dec 4 15:24:21 2018 Gateway1 httpd2: HTTP login from 10.76.0.26 as USER123
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: USER123 localhost t +webuiparams:logincount:USER123 2
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: Configuration changed from localhost by user USER123
Hrm... looks OK. This is going to sound weird as you said admin is working. But, what browser are you using? Ive seen login issues with it not displaying on Chrome/Firefox and only work in IE, again, I think this has been resolved but its worth asking.
This was with IE11. I have also experienced the issue with Chrome/firefox previously. My R77.30 Gaia access i have to use IE11 as get blank page once authorized in chrome/firefox.
Just for kicks, have you tried the string at the bottom of this article?
Gaia Portal shows blank page after log in with Firefox 5x or Chrome 66 - Fixed in sk121373
[Expert@HostName:0]# grep -q "form.el.dom.action" /web/htdocs2/login/login.js; if [ $? -eq 0 ]; then echo File is already modified, exiting.; else echo File backed up and modified. ; sed -i.bak '/form.isValid/s/$/\nform.el.dom.action=formAction;\n/' /web/htdocs2/login/login.js ; fi
Also here is a link to a troubleshooting article if you have not seen it yet. Troubleshooting RADIUS authentication related issues in Gaia
Hi Mike I tried the above but the file is already updated. I have raised a request with Check Point and will update with the outcome
Any output you can share from /var/log/messages when the WebUI login is attempted?