Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Connecting up to Radius server

To: [email protected]
Subject: [FW1] Connecting up to Radius server
From: "Paul T. Root" <[email protected]>
Date: Fri, 22 Dec 2000 14:44:06 -0600
Organization: !nterprise Networking Services
Sender: [email protected]

I have the Merit Basic AAA Radius server running, and I'm trying
to get user authentication going on my Nokia (4.0 SP5). But nothing
I do works. I've followed the instructions on Phone Boy and the
Checkpoint Knowledge base the best I can (they are pretty much 
the same), however it doesn't work. I wants me to put 
"User-Service-Type = Login-User" but that doesn't exist. The closest
thing is "Service-Type = Login". 

Trying to use a Null Realm gives me:

User: test
RADIUS password: ****
Access denied by RADIUS authentication  

Fri Dec 22 14:17:16 2000: Received-Authentication: 231/1 'test' via
nokia from x.x.x.x Authenticate-Only
Fri Dec 22 14:17:16 2000: Authentication: 231/1 'test' via nokia from
x.x.x.x Authenticate-Only - FAILED Improper 'userid@realm' specification
-- total 0, holding 0

Ok so I create a realm and I get this:

User: test@junk
RADIUS password: ****
RADIUS servers not responding
                           

Fri Dec 22 14:17:39 2000: Received-Authentication: 232/2 'test@junk' via
nokia from x.x.x.x Authenticate-Only
Fri Dec 22 14:17:39 2000: Authentication: 232/2 'test@junk' via nokia
from x.x.x.x Authenticate-Only - OK -- total 0, holding 0
Fri Dec 22 14:17:44 2000: Received-Authentication: 232/2 'test@junk' via
nokia from x.x.x.x Authenticate-Only (1 retries)
Fri Dec 22 14:17:49 2000: Received-Authentication: 232/3 'test@junk' via
nokia from x.x.x.x Authenticate-Only
Fri Dec 22 14:17:49 2000: Authentication: 232/3 'test@junk' via nokia
from x.x.x.x Authenticate-Only - OK -- total 0, holding 0


So, ok, this looks like it passes authentication but the nokia is
ignoring me.

The possible complication is that the radius server is on the external
interface. 
However this is an internal test firewall so that's not really an issue.
The
address that's in the logfile x.x.x.x is on the internal network. 




                                    /------ Radius server
Internet  --- Real Firewall   ------ 
                                    \------ Nokia    ----------   test
network
                                                \  ----  internal
network


I do see packets coming back from the radius server to the nokia via
tcpdump.


Anyone have any ideas. 

Thnaks,
Paul.







-- 
Paul T. Root 			E/Mail: [email protected]
USWEST is now Qwest		PAG:600 Stinson Blvd, Flr 1S	WRK:Minneapolis, MN  55413		FAX:================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] radware
Next by Date: Re: [FW1] ftp server using random high ports and checkpoint
Previous by thread: Re: [FW1] Packet loss help
Next by thread: [FW1] Non-transparent Mode and HTTPS
Index(es):
- Date
- Thread