
[FW1] IAS+W2K authentication



Dan,

	Today I made IAS+W2K work with FW1.
	I discovered that FW1 sends the request to IAS using PAP, but
the default of IAS is MS-CHAP and MS-CHAP v2, so I checked to use PAP too.
	Now I'd like to know if it's possible to change from PAP to another
like MS-CHAP on FW1, because PAP isn't encrypted.
	Another problem is the authentication type; I'll explain. If I use User
authentication in HTTP access, I need to authenticate for each site or link. If
I use client authentication with automatic logon (it works like User
Authentication but authenticates the IP), I get a Dr. Watson in FW.exe.
	For me the best solution is client authentication working like User
authentication, but with the Dr. Watson I can't.
	Did you see anything like this?

	best regards,

	Leonardo

-----Original Message-----
From: Dan Hitchcock [mailto:[email protected]]
Sent: Monday, 6 November 2000 19:51
To: Mangelli, Leonardo
Cc: '[email protected]'
Subject: RE: [FW1] os password and nt authentication


IAS is much simpler to set up in Win2k than it is in NT4, and it ships on
the Win2k CD (add/remove programs -> add/remove windows components).  I've
successfully implemented Hybrid-mode SecuRemote auth using Win2k IAS.  Not
sure if that addresses the issue at hand, but for what it's worth...

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders


-----Original Message-----
From: Mangelli, Leonardo [mailto:[email protected]]
Sent: Monday, November 06, 2000 2:13 PM
To: 'Dean Cunningham'
Cc: '[email protected]'
Subject: RE: [FW1] os password and nt authentication



Dean,

	I considered the first option, but the customer doesn't want to use a
proxy.
	About the second option, I know that it works with NT4.0, but in my
environment the customer is using W2K and until now it didn't work.
	Do you have the procedures to configure IAS for NT4.0?

	best regards,

	Leonardo S.L. Passeri Mangelli 
	Infrastructure Services - COMPAQ Brazil 
	Phone: 55-21-277-6180 
	e-mail:[email protected] 
	     our site: http://www.compaq.com



-----Original Message-----
From: Dean Cunningham [mailto:[email protected]]
Sent: Monday, 6 November 2000 18:30
To: Mangelli, Leonardo
Cc: '[email protected]'
Subject: RE: [FW1] os password and nt authentication


1)
Install MS proxy server or CSM http://www.csm-usa.com/
Point the 400 users' (or even all of them) Internet Explorer to it and you
can then control access via NT Groups.
The firewall then only has to be set up to allow HTTP out from the proxy
server. The proxy server takes care of the authentication. You also get
detailed logging via the proxy server of sites accessed via the username....


2) FW supports a RADIUS server. IAS that comes with NT option pack 4 can use
multiple domains so long as trusts are set up between the domains. It needs
to only be a one way trust.

cheers
Dean

-----Original Message-----
From: Mangelli, Leonardo [mailto:[email protected]]
Sent: Tuesday, 7 November 2000 2:27 AM
To: 'c'
Subject: [FW1] os password and nt authentication
Importance: High



Hi,

	I have a customer that would like to use NT authentication for the
HTTP services, but only for a restricted group.
	As I saw in the documentation, he has to join the firewall machine to
the domain and after that he can choose between two options:
			1 - create a user called "generic*" to authenticate
all users in an external database (NT domain)
			2 - create account by account in the firewall for it
to check in the PDC

	My questions are:
		1- If my customer has 1000 user accounts in the NT domain
but only 400 users can access the HTTP service,
		    how can I restrict the access to permit only the 400 to
pass through the firewall authenticating?
		    The only way for me is to create the 400 accounts one by one
in the firewall, but it's crazy.

		2- Does FW-1 support OS password authentication for
multiple NT domains?


	Leonardo S.L. Passeri Mangelli 
	Infrastructure Services - COMPAQ Brazil 
	Phone: 55-21-277-6180 
	e-mail:[email protected] 
	     our site: http://www.compaq.com




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************