Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] RADIUS Auth error when doing a SR "Update".

To: "'Russo, Tim'" <[email protected]>, [email protected]
Subject: RE: [FW1] RADIUS Auth error when doing a SR "Update".
From: Jim Brown <[email protected]>
Date: Mon, 13 Nov 2000 13:26:04 -0700
Sender: [email protected]

Topology downloads are authenticated via the method under the users
IKE/Authentication tab. They do not use the method defined under the users
Authentication tab.

I just created a special user with no rights that exists only for the
purpose of downloading topology.

When a new user comes on line they use this account for the download and
then use their hybrid account after successful topology download.

You can also just send them the user.c file from a client that has
successfully downloaded the topology from the firewall. Drop and insert and
the client is ready to go.

It was the only solution that I could come up with other than manually
adding a password for downloads on every new stinking user. 

-----Original Message-----
From: Russo, Tim [mailto:[email protected]]
Sent: Monday, November 13, 2000 12:36 PM
To: [email protected]
Subject: [FW1] RADIUS Auth error when doing a SR "Update".



I am working on getting RADIUS to work with my SecureClient SP-2 w/ IKE
Hybrid encryption. I can log in using RADIUS with no problems. When I try to
do an update on the SecureClient sight however, I get an authorization
failure. The firewall logs show a rule 0 reject; "Refused topology request:
Authentication scheme not allowed for user."  But the user is the generic*
user defined for RADIUS and hybrid IKE. Any ideas?

-Tim

________________________   ______     ____       ___          __           
Tim Russo				
Xchange, Inc.
Sr. Security Engineer
EMail: [email protected]		
Phone:FAX:============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Patches for CPF1 SP2
Next by Date: RE: [FW1] Opinon Requested - to NAT or not to NAT DMZ Addresses
Previous by thread: [FW1] RADIUS Auth error when doing a SR "Update".
Next by thread: [FW1] Stripping MIME attachments...again.
Index(es):
- Date
- Thread