CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 7 of 7

Thread: Radius Authentications for new users not working

  1. #1
    Join Date
    2012-08-10
    Posts
    18
    Rep Power
    0

    Default Radius Authentications for new users not working

    Hi Guys,

    I have a cluster running R75.45 where I have enabled Mobile access blade to accessing some internal apps. We have a Cisco ACS which is integrated with our firewall and we are using Radius authentications. The Cisco ACS is in turn integrated with LDAP where the users are currently configured. We have this setup running from certain amount of time and many users are authenticating in this way. Recently we had a new request so we had new users and created policies, but only for these users the authentication is not working. I am able to query the user from LDAP. When i see the tracker log it says unknown user/unknown authentication mechanism. This issue is only for the new users created.

    The new users are created locally on the Checkpoint as well, i did try install database and install policy but it was futile

  2. #2
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    8

    Default Re: Radius Authentications for new users not working

    Quote Originally Posted by udupik View Post
    Hi Guys,

    I have a cluster running R75.45 where I have enabled Mobile access blade to accessing some internal apps. We have a Cisco ACS which is integrated with our firewall and we are using Radius authentications. The Cisco ACS is in turn integrated with LDAP where the users are currently configured. We have this setup running from certain amount of time and many users are authenticating in this way. Recently we had a new request so we had new users and created policies, but only for these users the authentication is not working. I am able to query the user from LDAP. When i see the tracker log it says unknown user/unknown authentication mechanism. This issue is only for the new users created.

    The new users are created locally on the Checkpoint as well, i did try install database and install policy but it was futile
    Do new users belong to the same security group old users are present? What about new users DN value?

  3. #3
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Default Re: Radius Authentications for new users not working

    Quote Originally Posted by udupik View Post
    Hi Guys,

    I have a cluster running R75.45 where I have enabled Mobile access blade to accessing some internal apps. We have a Cisco ACS which is integrated with our firewall and we are using Radius authentications. The Cisco ACS is in turn integrated with LDAP where the users are currently configured. We have this setup running from certain amount of time and many users are authenticating in this way. Recently we had a new request so we had new users and created policies, but only for these users the authentication is not working. I am able to query the user from LDAP. When i see the tracker log it says unknown user/unknown authentication mechanism. This issue is only for the new users created.

    The new users are created locally on the Checkpoint as well, i did try install database and install policy but it was futile
    Sounds to me like you haven't defined the users in the local database identically to the older users, particularly on the authentication tab of the new user accounts. Please provide a sanitized version of the Tracker log entry for the error condition.

  4. #4
    Join Date
    2012-08-10
    Posts
    18
    Rep Power
    0

    Default Re: Radius Authentications for new users not working

    It somehow got automatically solved before we could take the debug which TAC asked for root cause still unknown

  5. #5
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    8

    Default Re: Radius Authentications for new users not working

    Quote Originally Posted by udupik View Post
    It somehow got automatically solved before we could take the debug which TAC asked for root cause still unknown
    I bet 5$ that automagic will revert its status later on. You would better look how to diagnostic this and be more prepared next time.

  6. #6
    Join Date
    2012-08-10
    Posts
    18
    Rep Power
    0

    Default Re: Radius Authentications for new users not working

    Quote Originally Posted by laf_c View Post
    I bet 5$ that automagic will revert its status later on. You would better look how to diagnostic this and be more prepared next time.
    Yea that's the reason we got the debug script provided by TAC ready in hand so the moment we see the issue!!!! :D

  7. #7
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Default Re: Radius Authentications for new users not working

    Quote Originally Posted by udupik View Post
    It somehow got automatically solved before we could take the debug which TAC asked for root cause still unknown
    Ugh, hate when that happens. Rest assured it will manifest itself again at the most inopportune moment possible...

Similar Threads

  1. Certificates/smartcard and RADIUS VPN users
    By jstuartza in forum Authentication
    Replies: 1
    Last Post: 2013-08-21, 10:45
  2. CP-EDGE-NW-8-users RADIUS source address
    By Serji in forum Check Point UTM-1 Edge Appliances
    Replies: 0
    Last Post: 2012-08-27, 04:26
  3. how to Change radius server for multiple users
    By danzaka in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2007-05-24, 16:53
  4. HTTP not working for certain users
    By kpatel in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2007-03-15, 11:15
  5. HTTP stops working for random users
    By Huisje in forum Miscellaneous
    Replies: 2
    Last Post: 2006-10-16, 07:00

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •