Radius Authentications for new users not working

[udupik]

Hi Guys,

I have a cluster running R75.45 where I have enabled Mobile access blade to accessing some internal apps. We have a Cisco ACS which is integrated with our firewall and we are using Radius authentications. The Cisco ACS is in turn integrated with LDAP where the users are currently configured. We have this setup running from certain amount of time and many users are authenticating in this way. Recently we had a new request so we had new users and created policies, but only for these users the authentication is not working. I am able to query the user from LDAP. When i see the tracker log it says unknown user/unknown authentication mechanism. This issue is only for the new users created.

The new users are created locally on the Checkpoint as well, i did try install database and install policy but it was futile

[laf_c]

Hi Guys,

I have a cluster running R75.45 where I have enabled Mobile access blade to accessing some internal apps. We have a Cisco ACS which is integrated with our firewall and we are using Radius authentications. The Cisco ACS is in turn integrated with LDAP where the users are currently configured. We have this setup running from certain amount of time and many users are authenticating in this way. Recently we had a new request so we had new users and created policies, but only for these users the authentication is not working. I am able to query the user from LDAP. When i see the tracker log it says unknown user/unknown authentication mechanism. This issue is only for the new users created.

The new users are created locally on the Checkpoint as well, i did try install database and install policy but it was futile

Do new users belong to the same security group old users are present? What about new users DN value?

[ShadowPeak.com]

Hi Guys,

I have a cluster running R75.45 where I have enabled Mobile access blade to accessing some internal apps. We have a Cisco ACS which is integrated with our firewall and we are using Radius authentications. The Cisco ACS is in turn integrated with LDAP where the users are currently configured. We have this setup running from certain amount of time and many users are authenticating in this way. Recently we had a new request so we had new users and created policies, but only for these users the authentication is not working. I am able to query the user from LDAP. When i see the tracker log it says unknown user/unknown authentication mechanism. This issue is only for the new users created.

The new users are created locally on the Checkpoint as well, i did try install database and install policy but it was futile

Sounds to me like you haven't defined the users in the local database identically to the older users, particularly on the authentication tab of the new user accounts. Please provide a sanitized version of the Tracker log entry for the error condition.

[udupik]

It somehow got automatically solved before we could take the debug which TAC asked for root cause still unknown

[laf_c]

It somehow got automatically solved before we could take the debug which TAC asked for root cause still unknown

I bet 5$ that automagic will revert its status later on. You would better look how to diagnostic this and be more prepared next time.

[udupik]

I bet 5$ that automagic will revert its status later on. You would better look how to diagnostic this and be more prepared next time.

Yea that's the reason we got the debug script provided by TAC ready in hand so the moment we see the issue!!!! :D

[ShadowPeak.com]

It somehow got automatically solved before we could take the debug which TAC asked for root cause still unknown

Ugh, hate when that happens. Rest assured it will manifest itself again at the most inopportune moment possible...