
RE: [FW1] NT user authentication



I just installed FW-1 4.1 in an NT network.  Had the same exact problem you
have.  All I have seen in these messages is true.  One thing I figured out
the hard way is that your users need the log on locally right to your
firewall.  Give the user account on the local box the log on locally right
and then add Domain Users or whatever group you're using to the local group.
This drove me crazy and took me a day or so to figure it out.  Hope this
helps you on your way!!!


Vince DeLalla
Network Administrator
Trustcorp Mortgage Company
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, September 28, 2000 7:51 AM
To: [email protected]
Cc: [email protected]
Subject: RE: [FW1] NT user authentication



There are several ways to do this.

If you use just the client auth rule, then your users must telnet to the
firewall and authenticate (or use the http://firewall:900). Many companies
see this as being "intrusive".

You can also use session authentication, but this requires an agent on every
PC (or someone sitting at a desk authenticating everyone!).

You can also use user auth for the rule. This works terribly because the user
will be forced to re-authenticate on every URL, unless you use the firewall's
IP address as the proxy server in the browser.

The method I have seen that works the best is the user/client auth hybrid
rule.
Something like this:

Allusers@any    ANY      WWW      UserAuth
Allusers@any    ANY      WWW      ClientAuth

You will also want to add another rule after these to allow access to other
services, as this only affects www port 80.
Here's a good FAQ on it.

If you do not plan this fully, it will drive you to near hanging yourself.



-----Original Message-----
From: Dave Hood [mailto:[email protected]]
Sent: Wednesday, September 27, 2000 7:02 PM
To: [email protected]
Subject: [FW1] NT user authentication



Hi Guys,

I've read some of the list's archives about this but I'm still not 100% on
it. I am wanting to authenticate my internal network's NT users for web
access. The firewall (4.1) is a BDC in the domain. Am I correct in saying
that all I do is set the authentication rule to the OS for the www service?
So, when a user tries to connect to the web does a box pop up asking for a
username/password, or is it all handled transparently, or do I need a
client installed on the PCs?  I have also read that the user may have to go
to http://firewall:900 and then type in their username/password?

Sorry for what is probably a real basic question, but I'm new to this!

Thanks,

Dave





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



