RE: [FW1] TACACS+ Problem



I'm saying if I create a groupA and add the user *generic and I create
groupB with a userB then userB will authenticate under groupA rules because
he is a member of *generic.

If I then add userB to groupA along with *generic userB still authenticates
properly.

The problem is now if I remove userB from groupA leaving only *generic,
userB will no longer authenticate properly even if he is still a member of
*generic.

Prior to his addition and removal from groupA, userB authenticated just
fine? It is like the firewall realizes that userB was removed from groupA,
therefore he must be an exclusion?

It is a real pain in the butt.

-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Saturday, November 04, 2000 12:16 PM
To: Jim Brown
Cc: 'Curt A. Miller'; fw-1-mailinglist
Subject: Re: [FW1] TACACS+ Problem



How many groups do you have?  I don't think I understand what you are
saying.  Are you saying that using 'All Users' in the rule, and then adding
specific users causes problems?

Jim Brown wrote:

> Is this a bug or a feature?
>
> I posted the same issue several weeks ago.
>
> *generic works until you add an individual account then that account must be
> included to be considered for authentication.
>
> It is like the rulebase remembers that you removed the account therefore it
> is an exclusion.
>
> It's driving me nuts.
>
> -----Original Message-----
> From: Curt A. Miller [mailto:[email protected]]
> Sent: Friday, November 03, 2000 6:16 AM
> To: fw-1-mailinglist
> Subject: [FW1] TACACS+ Problem
>
> I am having a strange new problem.  We added some more people for having
> access via the firewall.  We are using the generic* group and a CiscoSecure
> Tacacs+ server.  After adding the one or two people, no one can access the
> server behind the firewall.  If I add the person as an individual and set up
> as using TACACS+ it works fine.  We are using 4.0 server on NT.  Any ideas?
>
> Thanks,
> Curt
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

   All contents © 2004 Network Presence, LLC. All rights reserved.