oded_mass
Participant

Unable to API login to system data domain in some versions of R81.10

Hi,

I am getting errors trying to login to the "system data" domain on some R81.10 machines.

Using the REST API: POST https://<ip>/web_api/login
It results in:
responseCode : 400, {"code":"err_login_failed","message":"Authentication to server failed."}

Logging in to other domains of these machines works fine.

This happens on some R81.10 machines but not on others. (The API version on the machine is 1.8.)

Is it a known problem? Is there a solution?

Thanks

0 Kudos
14 Replies
Amir_Senn
Employee

Can you share the syntax you used in the command?

Also, if you try this command locally using SSH, is there any different result?

Kind regards, Amir Senn
0 Kudos
the_rock
Legend

Don't believe it is a known issue. As @Amir_Senn asked, maybe send us the exact syntax you are using. It's certainly odd it happens only on some machines.

Andy

0 Kudos
oded_mass
Participant

Hello,

The command is: https://<the ip-address>/web_api/login
The HTTP method is: POST
And the body is:
{
"user": "the-user",
"password": "the-password",
"domain": "System Data",
"session-timeout": "60"
}

0 Kudos
the_rock
Legend

Is it the same if you try https://ip_address/web_api_login ?

Andy

0 Kudos
oded_mass
Participant

I do not understand. The documentation for login is:

{{server}}/login

For example https://192.168.0.120/web_api/login
This is what I do (of course with the relevant IP address).

0 Kudos
the_rock
Legend

I went to that link and it showed me web_api_login...not sure if it makes a difference, but it did work.

0 Kudos
PhoneBoy
Admin

Are you sure the same credentials work, e.g. with SmartConsole?
Have you confirmed the configured user has API access as part of their permissions profile?
If so, then you may want to get the TAC involved: https://help.checkpoint.com

0 Kudos
Bob_Zimmerman
Authority

Also is the API set up to allow remote connections? By default, it doesn't. mgmt_cli local on the management will work, but HTTPS connections won't.

0 Kudos
Hugo_vd_Kooij
Advisor

Step 1 should be to run `api status` on the SmartCenter (or MDS).

Step 2 is to check access rights for the named account.

Step 3 is to test with mgmt_cli and the same account.

....

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
oded_mass
Participant

The login to the "System Data" domain is only a part of what my program does.
All other requests work fine.
The program logs in (with no domain name) and gets information about gateways and servers, list of domains and other. This all works fine with the same credentials.
It then tries to log in to "System Data". This fails on some machines.
Then, depending on whether it is a multi-domain system or not, it logs in to the appropriate domain and gets information about "firewall policies and rules". This also works OK with the same credentials.

0 Kudos
the_rock
Legend

Can you send output of api status?

0 Kudos
Amir_Senn
Employee

Try to connect without the domain name:

{
"user": "the-user",
"password": "the-password",
"session-timeout": "60"
}

Kind regards, Amir Senn
oded_mass
Participant

This works and I am using this (no domain) for some API requests.
However, for the /show-administrators request I must log in to the "System Data" domain.

0 Kudos
Bob_Zimmerman
Authority

How about logging in with the same credentials locally on the system via 'mgmt_cli -d "System Data" login'?

If that doesn't work, does local root? 'mgmt_cli -d "System Data" -r true login'

If login via HTTP call fails but local works, that points towards the web service. If local login with the same credentials still fails, but local login with the local root works, that points to permissions.
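The comparison discussed in this thread, as an added example that is not part of any post and not Check Point's own code: it sends the same login body with and without "domain": "System Data", records the returned error code, and maps the remote and local results to the two conclusions given above. The names `try_login`, `triage` and `fake_post`, the address 192.0.2.10 and the canned responses are assumptions constructed for the example; the two local results come from running the `mgmt_cli` commands above by hand.

```python
import json
import urllib.error
import urllib.request

def https_post(url, payload, sid=None, context=None):
    """POST JSON to the Management API; return (status, body) even for HTTP errors."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid
    req = urllib.request.Request(url, json.dumps(payload).encode(), headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15, context=context) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # e.g. 400 err_login_failed
        return err.code, json.loads(err.read() or b"{}")

def try_login(server, user, password, domain=None, post=https_post):
    """Log in (optionally to a domain); return (ok, error_code). Logs out on success."""
    payload = {"user": user, "password": password}
    if domain is not None:
        payload["domain"] = domain
    base = f"https://{server}/web_api"
    status, body = post(f"{base}/login", payload)
    if status == 200 and "sid" in body:
        post(f"{base}/logout", {}, sid=body["sid"])  # do not leave the session open
        return True, None
    return False, body.get("code", f"http_{status}")

def triage(remote_ok, local_user_ok, local_root_ok):
    """Map the three "System Data" login results to the conclusion drawn in the thread."""
    if remote_ok:
        return "remote login works"
    if local_user_ok:
        return "web service"   # HTTPS fails, local mgmt_cli with the same user works
    if local_root_ok:
        return "permissions"   # same user fails locally too, local root works
    return "inconclusive"

def fake_post(url, payload, sid=None):
    """Constructed stand-in for an affected server, replaying the error from the thread."""
    if url.endswith("/login") and payload.get("domain") == "System Data":
        return 400, {"code": "err_login_failed", "message": "Authentication to server failed."}
    return 200, {"sid": "constructed-sid"} if url.endswith("/login") else {"message": "OK"}

if __name__ == "__main__":
    for domain in (None, "System Data"):
        print(domain, try_login("192.0.2.10", "the-user", "the-password", domain, fake_post))
```

Against a real management server, drop the `fake_post` argument so the default `https_post` is used; if the server certificate is not trusted by the system store, wrap `https_post` with an `ssl.SSLContext` that trusts that certificate.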
