Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
Appliance Configuration

To configure a FreeRADIUS server for non-local Check Point Appliance users:

1. Create the dictionary file dictionary.checkpoint in /etc/freeradius/ on the RADIUS
server:

    #
    # Check Point dictionary file for freeradius AAA server
    #
    VENDOR       CheckPoint                 2620
    ATTRIBUTE    CP-Gaia-User-Role          229    string     CheckPoint
    ATTRIBUTE    CP-Gaia-SuperUser-Access   230    integer    CheckPoint

2. Add to /etc/freeradius/dictionary the line:

    "$INCLUDE dictionary.checkpoint"

3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user
configuration file:

    CP-Gaia-User-Role = <group_name>

Where <group_name> is the name of the RADIUS group that is defined in the Check Point
Appliance WebUI.

To configure an OpenRADIUS server for non-local Check Point Appliance users:

1. Create the dictionary file dict.checkpoint in /etc/openradius/subdicts/ on the RADIUS
server:

    # Check Point Gaia vendor specific attributes
    # (Formatted for the OpenRADIUS RADIUS server.)
    # Add this file to etc/openradius/subdicts/ and add the line
    # "$include subdicts/dict.checkpoint" to etc/openradius/dictionaries
    # right after dict.ascend.
    $add vendor 2620 CheckPoint
    $set default vendor=CheckPoint
    space=RAD-VSA-STD
    len_ofs=1 len_size=1 len_adj=0
    val_ofs=2 val_size=-2 val_type=String
    nodec=0 noenc=0
    $add attribute 229 CP-Gaia-User-Role
    $add attribute 230 CP-Gaia-SuperUser-Access
    val_type=Integer
    val_size=4

2. Add the line

    $include subdicts/dict.checkpoint

to /etc/openradius/dictionaries immediately after dict.ascend

3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user
configuration file:

    CP-Gaia-User-Role = <group_name>

Where <group_name> is the name of the RADIUS group that is defined in the Check Point
Appliance WebUI.
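To check what a RADIUS server actually returns for these attributes (for example, in the attribute section of a captured Access-Accept), the following added example encodes and decodes the two Check Point VSAs. It is not part of the Check Point guide; it assumes the standard RFC 2865 Vendor-Specific layout, which is consistent with the len_ofs/val_ofs settings in the OpenRADIUS dictionary, and the group name "radius-admins" and the value 1 are constructed sample data.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type for VSAs
CHECKPOINT = 2620      # vendor ID from the dictionary files above
CP_ATTRS = {229: ("CP-Gaia-User-Role", "string"),
            230: ("CP-Gaia-SuperUser-Access", "integer")}

def encode_vsa(vendor_type, value):
    """Build one Vendor-Specific attribute holding one Check Point sub-attribute."""
    kind = CP_ATTRS[vendor_type][1]
    data = struct.pack("!I", value) if kind == "integer" else value.encode()
    sub = bytes([vendor_type, len(data) + 2]) + data       # type, length, value
    body = struct.pack("!I", CHECKPOINT) + sub
    if len(body) + 2 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def decode_checkpoint_vsas(attrs):
    """Walk a RADIUS attribute list and return {name: value} for Check Point VSAs."""
    found, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, value = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != CHECKPOINT:
            continue                                       # another vendor's VSA
        sub, i = value[4:], 0
        while i < len(sub):
            if len(sub) - i < 2 or sub[i + 1] < 2 or i + sub[i + 1] > len(sub):
                raise ValueError("malformed Check Point sub-attribute")
            v_type, data = sub[i], sub[i + 2:i + sub[i + 1]]
            i += sub[i + 1]
            if v_type not in CP_ATTRS:
                continue
            name, kind = CP_ATTRS[v_type]
            if kind == "integer" and len(data) != 4:
                raise ValueError("%s must be 4 bytes" % name)
            found[name] = struct.unpack("!I", data)[0] if kind == "integer" else data.decode()
    return found

# Constructed sample: attribute section of an Access-Accept. Reply-Message (type 18)
# is included to show that attributes other than the Check Point VSAs are skipped.
SAMPLE = bytes([18, 4]) + b"ok" + encode_vsa(229, "radius-admins") + encode_vsa(230, 1)

if __name__ == "__main__":
    print(decode_checkpoint_vsas(SAMPLE))
```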