How to configure the SmartDashboard administrator for external RADIUS server authentication
Starting from R80, refer to the following sections in the Check Point Security Management R80.20.M1 Administration Guide or the R80.30 Security Management Administration Guide:
- Configuring a RADIUS Server for Administrator
- Sample workflow for RADIUS authentication configuration
SmartDashboard administrators can authenticate with LDAP only if the LDAP server uses RADIUS or SecurID for authentication (that is, RADIUS authentication is enabled on the LDAP server).
To configure the SmartDashboard administrator for external RADIUS server authentication, follow these steps:
- Configure the RADIUS server object:
  - Create a Host object for the machine on which the RADIUS server is installed.
  - Create a RADIUS server:
    Go to the 'Servers and OPSEC' tab -> New -> RADIUS...
    Enter a name for the RADIUS server.
    - For Host, select the node defined in Step 1.
    - Select the service to be used by this server. This depends on which port your RADIUS server is configured to receive authorization requests on. RADIUS (UDP port 1645) is the default value.
    - Enter the "Shared Secret" configured on your RADIUS server.
    - Select the Version: either 'RADIUS Ver. 1.0 Compatible' or 'RADIUS Ver. 2.0 Compatible'. This also depends on which version your RADIUS server is compatible with.
    - 'Protocol' is the type of authentication protocol ('PAP' or 'MS-CHAP v2') that will be used when authenticating the user to the RADIUS server. This type should be supported and enabled on the RADIUS server.
    - Leave the 'Priority' set to the default value of 1 (highest priority).
- Configure the Administrator that will be authenticated by the RADIUS server:
  Note: Give the administrator the name that is defined on the RADIUS server.
  - Create the new Administrator in the 'Users and Administrators' menu.
  - Enter the administrator name and select the 'Permissions Profile'.
    If you do not have a 'Permissions Profile' created, create one now:
    - Click 'Permissions Profile' -> New -> Permissions Profile.
    - Enter the Permissions Profile name you want.
    - Go to the 'Permissions' tab and grant the permissions as required.
    - Click OK.
    The new 'Permissions Profile' can also be created and edited from the 'Manage' menu.
  - In the Administrator properties window, go to the 'Authentication' tab and select 'RADIUS' as the Authentication Scheme.
  - Click OK and close the Administrator properties window.
- Install Database.
- Verify that the new administrator is created on the RADIUS server and that a password is defined.
- Verify that the Security Management Server and the RADIUS server can communicate with each other.
- Launch SmartDashboard and log in as the newly created administrator to authenticate on the RADIUS server.
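One way to carry out the communication check above for the 'PAP' protocol, as an added example that is not part of the original article or any Check Point tool: it builds an RFC 2865 Access-Request and validates the reply's Response Authenticator, which only matches when both sides hold the same Shared Secret. The function names are hypothetical, and it assumes the host running it is accepted as a client by the RADIUS server.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST = 1                 # RFC 2865 packet code
USER_NAME, USER_PASSWORD = 1, 2    # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """PAP User-Password hiding (RFC 2865, section 5.2)."""
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()   # keyed only by the shared secret
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(user: bytes, password: bytes, secret: bytes,
                         ident: int = 1, authenticator: bytes = b"") -> bytes:
    authenticator = authenticator or os.urandom(16)  # Request Authenticator
    attrs = b""
    for typ, val in ((USER_NAME, user),
                     (USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def response_is_authentic(response: bytes, request: bytes, secret: bytes) -> bool:
    """Verify MD5(Code+ID+Length+RequestAuth+Attributes+Secret), RFC 2865 section 3."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def probe(host: str, port: int, user: bytes, password: bytes, secret: bytes,
          timeout: float = 3.0):
    """Send one Access-Request; return (reply_code, authentic) or None if no reply."""
    request = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None          # wrong port, filtered UDP, or unknown client
    if not response:
        return None
    return response[0], response_is_authentic(response, request, secret)
```

A reply code of 2 is Access-Accept and 3 is Access-Reject; a reply whose authenticator does not verify points to a Shared Secret mismatch. Servers configured to require the Message-Authenticator attribute will not answer this minimal request.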
Imported from Nokia support database