Michael_Wheelwr
Participant

Radius authentication Web UI

Hi, I am running Gaia 80.20 and configured RADIUS authentication to an RSA RADIUS server. The authentication works: via SSH it logs me into clish, where I can proceed to expert and sudo su -. The problem I have is that via the Web UI the authentication is accepted but the Web UI never loads, just the revolving circle until the session expires. The local admin Web UI is fine.

7 Replies
Mike_A
Advisor

Any output you can share from /var/log/messages when the WebUI login is attempted?

0 Kudos
Michael_Wheelwr
Participant

This is the first deployment of R80.20, so I may have missed something unknowingly. I had RADIUS working previously since R75 but had to add the local accounts for RADIUS to work. This was resolved in R76, I'm informed 🙂

I have the following set on my Radius profile.

CP-Gaia-SuperUser-Access = 1
CP-Gaia-User-Role = "adminrole, radius-group-any"

Output from /var/log/messages:

Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t -volatile:mrma:users:user:USER123:pid
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:pid 3425
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:pid:3425 USER123
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:ppid:3425 0
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:access_mechanism:Web t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:access_mechanism:CLI t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123 t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:"adminrole t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:"adminrole:domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any" t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any":domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any:domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:su t
Dec 4 15:24:21 2018 Gateway1 httpauth: pam_radius_auth: Non local user 'USER123' will be in 'superusr' and have root access
Dec 4 15:24:21 2018 Gateway1 httpd2: HTTP login from 10.76.0.26 as USER123
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: USER123 localhost t +webuiparams:logincount:USER123 2
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: Configuration changed from localhost by user USER123

0 Kudos
Mike_A
Advisor

Hrm... looks OK. This is going to sound weird as you said admin is working. But what browser are you using? I've seen login issues with it not displaying on Chrome/Firefox and only working in IE. Again, I think this has been resolved, but it's worth asking.

0 Kudos
Michael_Wheelwr
Participant

This was with IE11. I have also experienced the issue with Chrome/Firefox previously. For my R77.30 Gaia access I have to use IE11, as I get a blank page once authorized in Chrome/Firefox.

0 Kudos
Mike_A
Advisor

Just for kicks, have you tried the string at the bottom of this article?

Gaia Portal shows blank page after log in with Firefox 5x or Chrome 66 - Fixed in sk121373 

[Expert@HostName:0]# grep -q "form.el.dom.action" /web/htdocs2/login/login.js; if [ $? -eq 0 ]; then echo File is already modified, exiting.; else echo File backed up and modified. ; sed -i.bak '/form.isValid/s/$/\nform.el.dom.action=formAction;\n/' /web/htdocs2/login/login.js ; fi

Also here is a link to a troubleshooting article if you have not seen it yet. Troubleshooting RADIUS authentication related issues in Gaia

0 Kudos
Michael_Wheelwr
Participant

Hi Mike, I tried the above but the file is already updated. I have raised a request with Check Point and will update with the outcome.

Michael_Wheelwr
Participant

The resolution to this, after working with Check Point R&D, was to change the RADIUS profile attribute

From

CP-Gaia-User-Role = "adminrole, radius-group-any"

To this

CP-Gaia-User-Role = adminrole

0 Kudos
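
The xpand lines posted earlier in this thread record role names that carry a literal double quote (`"adminrole`, `radius-group-any"`) alongside the quoted CP-Gaia-User-Role value in the RADIUS profile. The following is an added example, not from any poster or from Check Point, that scans /var/log/messages-style input for such role names; the function names and the constructed sample lines (modelled on the log format above) are assumptions.

```shell
#!/bin/sh
# Added example: list Gaia role bindings whose role name contains a literal
# double quote. Reads syslog text on stdin, prints "user<TAB>role" once per
# distinct pair. On a gateway: find_quoted_roles < /var/log/messages

find_quoted_roles() {
    awk '
    /xpand\[[0-9]+\]:/ {
        # Binding key xpand writes for each role taken from the RADIUS reply.
        if (!match($0, /[+]volatile:mrma:users:user:[^: ]+:role:[^: ]+/))
            next
        key = substr($0, RSTART, RLENGTH)
        split(key, part, ":")
        user = part[5]      # ...:user:<name>:role:<role>
        role = part[7]
        # Report each malformed (quote-bearing) role once per user.
        if (index(role, "\"") && !seen[user SUBSEP role]++)
            printf "%s\t%s\n", user, role
    }'
}

# Constructed sample input, following the line format shown in the thread.
# USER456 and 192.0.2.10 are made-up values for the clean case.
sample_log() {
    cat <<'EOF'
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:"adminrole t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:"adminrole:domainname:default t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:role:radius-group-any" t
Dec 4 15:24:21 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER123:su t
Dec 4 15:25:02 2018 Gateway1 xpand[12675]: nobody localhost t +volatile:mrma:users:user:USER456:role:adminrole t
Dec 4 15:25:02 2018 Gateway1 httpd2: HTTP login from 192.0.2.10 as USER456
EOF
}

# Stand-alone run over the constructed sample.
sample_log | find_quoted_roles
```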
