Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] authenticate topology requests failing

To: "'Michael Miller'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] authenticate topology requests failing
From: Jim Brown <[email protected]>
Date: Tue, 10 Oct 2000 14:19:42 -0600
Sender: [email protected]

Michael,

I configured my firewall in a similar fashion. I also wanted authenticated
downloads and my users to use TACACS+ for authentication.

My solution was to configure the users for TACACS+ under the user account
authentication tab. 

I then created a special user that existed only for the purpose of topo
downloads. When users contact the site they use this special username and
password for downloads. This special user has no other privileges.

The SecuRemote clients use their normal account from that point forward.
This special account is only used during the initial topology download. 

The topo download account password is configured under the user account
encryption tab during creation. Do not use the authentication tab setting.

It appears that topo downloads use the password set under the user account
encryption tab and not TACACS+. You could just set the password under every
user account but that is very inefficient.


-----Original Message-----
From: Michael Miller [mailto:[email protected]]
Sent: Tuesday, October 10, 2000 1:11 PM
To: '[email protected]'
Subject: [FW1] authenticate topology requests failing



Hi,

I am trying to only allow authenticated requestes for the securemote
clients. When 'respond to unauthenticated requests' is turned on, all works
fine. However, when the option is unchecked, rsecuremote prompts for a
username/password and then proceeds to tell me 'Error: Authentication
failed'. The fw1 logs say 'reason Refused Topology Request. User not defined
properly'.

Can you explain how to overcome this. I have tried with users using fw1
passwords and tacacs+.

I am using fw1sp2 and securemote 4.1sp2 DES build 4165.

Many thanks in advance.



------------------------------------------------------------
Internet communications are not secure and therefore Oyster Partners Ltd
does not accept legal responsibility for the contents of this message. Any
views or opinions presented are solely those of the author and do not
necessarily represent those of Oyster Partners Ltd.


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] ELA Server & SDK
Next by Date: RE: [FW1] RE: Management Console using non-routable IP.
Previous by thread: [FW1] ELA Server & SDK
Next by thread: RE: [FW1] RE: Management Console using non-routable IP.
Index(es):
- Date
- Thread