[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] authenticate topology requests failing
Michael, I configured my firewall in a similar fashion. I also wanted authenticated downloads and my users to use TACACS+ for authentication. My solution was to configure the users for TACACS+ under the user account authentication tab. I then created a special user that existed only for the purpose of topo downloads. When users contact the site they use this special username and password for downloads. This special user has no other privileges. The SecuRemote clients use their normal account from that point forward. This special account is only used during the initial topology download. The topo download account password is configured under the user account encryption tab during creation. Do not use the authentication tab setting. It appears that topo downloads use the password set under the user account encryption tab and not TACACS+. You could just set the password under every user account but that is very inefficient. -----Original Message----- From: Michael Miller [mailto:[email protected]] Sent: Tuesday, October 10, 2000 1:11 PM To: '[email protected]' Subject: [FW1] authenticate topology requests failing Hi, I am trying to only allow authenticated requestes for the securemote clients. When 'respond to unauthenticated requests' is turned on, all works fine. However, when the option is unchecked, rsecuremote prompts for a username/password and then proceeds to tell me 'Error: Authentication failed'. The fw1 logs say 'reason Refused Topology Request. User not defined properly'. Can you explain how to overcome this. I have tried with users using fw1 passwords and tacacs+. I am using fw1sp2 and securemote 4.1sp2 DES build 4165. Many thanks in advance. ------------------------------------------------------------ Internet communications are not secure and therefore Oyster Partners Ltd does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oyster Partners Ltd. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|