[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] TACACS+ Problem
I'm saying if I create a groupA and add the user *generic and I create groupB with a userB then userB will authenticate under groupA rules because he is a member of *generic. If I then add userB to groupA along with *generic userB still authenticates properly. The problem is now if I remove userB from groupA leaving only *generic, userB will no longer authenticate properly even if he is still member of *generic. Prior to his addition and removal from groupA, userB authenticated just fine? It is like the firewall realizes that userB was removed from groupA, therefore he must be an exclusion? It is a real pain in the butt. -----Original Message----- From: CryptoTech [mailto:[email protected]] Sent: Saturday, November 04, 2000 12:16 PM To: Jim Brown Cc: 'Curt A. Miller'; fw-1-mailinglist Subject: Re: [FW1] TACACS+ Problem How many groups do you have? I don't think I understand what you are saying. Are you saying that using 'All Users' in the rule, and then adding specific users causes problems? Jim Brown wrote: > Is this a bug or a feature? > > I posted the same issue several weeks ago. > > *generic works until you add an individual account then that account must be > included to be considered for authentication. > > It is like the rulebase remembers that you removed the account therefore it > is an exclusion. > > It's driving me nuts. > > -----Original Message----- > From: Curt A. Miller [mailto:[email protected]] > Sent: Friday, November 03, 2000 6:16 AM > To: fw-1-mailinglist > Subject: [FW1] TACACS+ Problem > > I am having a strange new problem. We added some more people to for having > access via the firewall. We are using the generic* group and a CiscoSecure > Tacacs+ server. After adding the one or two people, noone can access the > server behind the firewall. If I add the person as an individual and set up > as > using TACACS+ it works fine. We are using 4.0 server on NT. Any ideas? > > Thanks, > Curt > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|