Non-local users can be defined on a RADIUS server and not in Gaia. When a non-local user logs in to Gaia, the RADIUS server authenticates the user and assigns the applicable permissions. You must configure the RADIUS server to correctly authenticate and authorize non-local users.
Note - If you define a RADIUS user with a null password (on the RADIUS server), Gaia cannot authenticate that user.
To configure a RADIUS server for non-local Gaia users:
In addition, see sk72940.
Step |
Instructions |
---|---|
1 |
Copy the applicable dictionary file to your RADIUS server. |
|
Examples: |
|
Steel-Belted RADIUS server:
|
|
FreeRADIUS server:
|
|
OpenRADIUS server:
|
2 |
Define the user roles on Gaia. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file:
For example:
|
3 |
Define the Check Point users that must have superuser access to the Gaia shell. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file:
|
To log in as a superuser:
A user with super user permissions can use the Gaia shell to do system-level operations, including working with the file system. Super user permissions are defined in the Check Point Vendor-Specific Attributes.
Users that have a UID of 0 have super user permissions. They can run all the commands that the root user can run. Users that have a UID of 96 must run the
command to get super user permissions. The UIDs of all non-local users are defined in the sudo
file./etc/passwd
To get super user permissions (for users that have a UID of 96):
Step |
Description |
---|---|
1 |
Connect to the command line on Gaia. |
2 |
Log in to Expert mode. |
3 |
Run:
The user now has superuser permissions. |