[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] os password and nt authentication
1) Install MS proxy server or CSM http://www.csm-usa.com/ Point the 400 users (or even all of them) Internet explorer to it and you can then contol access via NT Groups Teh firewall then only has to be setup to allow HTTP out from teh proxy server. The proxy sserver takes care of the authentication. You also get detailed logging via the proxy server of sites accessed via the username.... 2) FW supports a RADIUS server. IAS that comes with NT option pack 4 can use multiple domains so long as trusts are set up between the domains. It needs to only be a one way trust. cheers Dean -----Original Message----- From: Mangelli, Leonardo [mailto:[email protected]] Sent: Tuesday, 7 November 2000 2:27 AM To: 'c' Subject: [FW1] os password and nt authentication Importance: High Hi, i have a customer that would like to use NT authentication for the http services, but only for a restric group. As i saw in the documentation he has to join the firewall machine in the domain and after that he can choose two options: 1 - create a user called "generic*" to authenticate all user in a external database (Nt domain) 2 - create account by account in the firewall for it check in the PDC My questions are: 1- If my customer has 1000 user accounts in the NT domain but only 400 user can access the http service. How can i restrict the access to permit only the 400 to pass through the firewall authenticating. The only way for me is create the 400 account one by one in the firewall, but it's crazy. 2- Does the FW-1 support OS password authetication for multiple NT domains??? Leonardo S.L. Passeri Mangelli Infrastructure Services - COMPAQ Brazil Phone: 55-21-277-6180 e-mail:[email protected] nosso site:http://www.compaq.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|