Configuring Local and Remote System Administrators
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|377
Configuring a RADIUS Server for non-local Quantum Spark
Appliance users
Non-local users can be defined on a RADIUS server and not in the Quantum Spark Appliance.
When a non-local user logs in to the appliance, the RADIUS server authenticates the user and
assigns the applicable permissions. You must configure the RADIUS server to correctly
authenticate and authorize non-local users.
Notes:
n
The configuration of the RADIUS Servers may change according to the type of
operating system on which the RADIUS Server is installed.
n
If you define a RADIUS user with a null password (on the RADIUS server), the
appliance cannot authenticate that user.
Configuring a Steel-Belted RADIUS server for non-local appliance users
1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default
dictionary directory (that contains radius.dct). Add these lines in the
checkpoint.dct file:
@radius.dct
MACRO CheckPoint-VSA(t,s) 26 [vid=2620 type1=%t% len1=+2
data=%s%]
ATTRIBUTE CP-Gaia-User-Role CheckPoint-VSA(229, string) r
ATTRIBUTE CP-Gaia-SuperUser-Access CheckPoint-VSA(230,
integer) r
2. Add these lines in the vendor.ini file on the RADIUS server (keep in alphabetical
order with the other vendor products in this file):
vendor-product = Quantum Spark Appliance
dictionary = nokiaipso
ignore-ports = no
port-number-usage = per-port-type
help-id = 2000
3. Add this line in the dictiona.dcm file:
"@checkpoint.dct"
4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user
configuration file:
CP-Gaia-User-Role = <role>
Where
<role>
allowed values are:
To Next Page
Loading...
