RADIUS Lock Out – Warning

So I was deploying my superuser RADIUS solution to our R75.46 gateways and locked myself out of one box. Could not even log in at the console. Turns out it was an R75.40 unpatched system and RADIUS was broken and ONLY did RADIUS auth and nothing else. Not even local authentication. Something went wrong with the PAM module and bypassed the PAM_UNIX processing.

The secret to get in was to pull the network cable (another guy, Dan, figured this out). Some sort of race condition between the cable and the console. Geez Louise.

Make sure you have these patches.

pam-0.99.6.2-3.26.cp986008001
CPshell-1-986008001

dreez

 


blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
