I have integrated Active Directory with Check Point R80.10. So can I use the Active Directory user login for SmartConsole? I do not have a RADIUS server. Please let me know if it is possible, and how.
Hi Blason R, I actually implemented the option described by Norbert Bohusch in my environment:
a Windows Server with the NPS role installed on a server separate from the domain controller (I believe putting the NPS on a DC is a big NO-NO).
Also, as Norbert says, the NPS role is essentially a RADIUS server, so you have to follow the instructions for "Configuring a RADIUS Server for Administrators" from the Admin Guide:
- Create a RADIUS Server object with a shared secret in SmartConsole
- On the NPS server, create a RADIUS Client with the Management/SmartCenter IP address and obviously the same shared secret from above
- Create a Connection Policy with at least one condition (for example, the NAS IPv4 address set to the IP address of the mgmt) and EAP-MSCHAP as the authentication method
- Create a Network Policy with at least the same condition as above (but I also configure a condition that the users must be members of a specific AD group)
- Create an administrator in SmartConsole with a username format like <AD domain>\<AD user> and RADIUS as the authentication method
Then you can log in using <AD domain>\<AD user> as the user name and your AD password as the password.
Hope it helped
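The shared secret in the first two steps above has to be identical on both sides because every RADIUS reply is authenticated with it: the Response Authenticator of RFC 2865 is an MD5 over the reply and the secret, and a client discards replies that do not verify. The following is an added example, not part of the original post and not Check Point or Microsoft code; it checks a captured reply against a candidate secret, and the secret, packet ID and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, attrs, request_auth, secret):
    """Assemble a reply the way a RADIUS server holding `secret` would sign it."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def reply_matches_secret(reply, request_auth, secret):
    """True if a captured reply verifies under `secret` for the given request."""
    if len(reply) < 20:
        return False  # shorter than the fixed RADIUS header
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return False  # Length field inconsistent with the captured bytes
    attrs = reply[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])


# Constructed sample data (not taken from any real capture).
REQUEST_AUTH = bytes(range(16))            # Request Authenticator of the Access-Request
NPS_SECRET = b"constructed-nps-secret"     # secret set on the NPS RADIUS Client
REPLY_MESSAGE = bytes([18, 4]) + b"ok"     # attribute 18 (Reply-Message), length 4
ACCESS_ACCEPT = build_reply(2, 7, REPLY_MESSAGE, REQUEST_AUTH, NPS_SECRET)

if __name__ == "__main__":
    for candidate in (NPS_SECRET, b"typo-in-smartconsole"):
        ok = reply_matches_secret(ACCESS_ACCEPT, REQUEST_AUTH, candidate)
        print(candidate.decode(), "->", "match" if ok else "MISMATCH")
```
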
Still not possible the way you want to do it.
See the documentation R80.10 Management Admin Guide, Section: Configuring Authentication Methods for Administrators
Same goes for R80.20 Management Admin Guide, Section: Configuring Authentication Methods for Administrators
I did hear that request/question from every customer who was thinking about moving away from local OS accounts. And it is the first question that comes to mind, always.
I do struggle to understand this approach, however. I reckon that there is a very good reason behind this, though. I'm sure. 100%. No doubt.
Could someone knowing(!) the reasons please elaborate about this?
Maybe it is about who has control over the authorizing system and its security measures and options (2FA, etc.).