NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] os password and nt authentication



1)
Install MS proxy server or CSM http://www.csm-usa.com/
Point the 400 users (or even all of them) Internet explorer to it and you
can then contol access via NT Groups
Teh firewall then only has to be setup to allow HTTP out from teh proxy
server. The proxy sserver takes care of the authentication. You also get
detailed logging via the proxy server of sites accessed via the username....


2) FW supports a RADIUS server. IAS that comes with NT option pack 4 can use
multiple domains so long as trusts are set up between the domains. It needs
to only be a one way trust.

cheers
Dean

-----Original Message-----
From: Mangelli, Leonardo [mailto:[email protected]]
Sent: Tuesday, 7 November 2000 2:27 AM
To: 'c'
Subject: [FW1] os password and nt authentication
Importance: High



Hi,

	i have a customer that would like to use NT authentication for the
http services, but only for a restric group.
	As i saw in the documentation he has to join the firewall machine in
the domain and after that he can choose two options:
			1 - create a user called "generic*" to authenticate
all user in a external database (Nt domain)
			2 - create account by account in the firewall for it
check in the PDC

	My questions are:
		1- If my customer has 1000 user accounts in the NT domain
but only 400 user can access the http service. 
		    How can i restrict the access to permit only the 400 to
pass through the firewall authenticating.
		    The only way for me is create the 400 account one by one
in the firewall, but it's crazy.

		2- Does the FW-1 support OS password authetication for
multiple NT domains???


	Leonardo S.L. Passeri Mangelli 
	Infrastructure Services - COMPAQ Brazil 
	Phone: 55-21-277-6180 
	e-mail:[email protected] 
	     nosso site:http://www.compaq.com




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.