Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Web Surfing Authentication using NT Domains

To: "'Toth, David'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] Web Surfing Authentication using NT Domains
From: Dean Cunningham <[email protected]>
Date: Fri, 26 Jan 2001 14:44:26 +1300
Reply-to: [email protected]
Sender: [email protected]

Some additional info,

1) look at  ms proxy server or CSM proxy if all that you are wanting to
authenticate is outbound http/https/ftp browsing. These will provide
transparent authentication

2) Meta/Ip will provide transparent authentication, I do not think the
others listed will?

3) Look at using a w2k standalone server with its ias . It can be a
standalone server in a NT domain and act as a radius proxy server. It can
also handle realms. teh w2k version is much more fully featured.

4) if you end up with MS IAS then go to news.microsoft.com newsgroup
microsoft.public.internet.radius, there are a few MS guys that hang out
there that may be of some help.

5) one way trusts will need to be setup if you have multiple domains to auth
against.

-----Original Message-----
From: Frank Darden [mailto:[email protected]]
Sent: Friday, 26 January 2001 12:11 PM
To: 'Luke, Jason (ISS Southfield)'; 'Toth, David';
[email protected]
Subject: RE: [FW1] Web Surfing Authentication using NT Domains



Making the firewall a domain member would be a really bad idea, but Jason is
correct that it will work. In fact using NT domain passwords is a really bad
idea in general. I think this is a commonly agreed upon fact. If you must do
this (as we all must at one point or another) it is much better to use
external authenticators, such as a RADIUS or TACACS server that can proxy
the PDC for authentication.

Frank


-----Original Message-----
From: Luke, Jason (ISS Southfield) [mailto:[email protected]]
Sent: Thursday, January 25, 2001 4:23 PM
To: 'Toth, David'; [email protected]
Subject: RE: [FW1] Web Surfing Authentication using NT Domains



Haven't tried it but I believe if your firewall is NT and on the Domain, you
can select OS Password as your authentication method.  User hits rule with
Authentication, prompts NT OS to see if it is valid, NT Firewall doesn't
have the user defined locally so it polls the PDC, and the PDC validates the
user.  


-----Original Message-----
From: Toth, David [mailto:[email protected]]
Sent: Wednesday, January 24, 2001 12:11 PM
To: [email protected]
Subject: [FW1] Web Surfing Authentication using NT Domains



All,

Is is possible to use your NT domains to authenticate Internet users thru
FW-1 or do I have to use an LDAP or RADIUS server?

Thanks in Advance,

Dave.
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Web Surfing Authentication using NT Domains
Next by Date: [FW1] Checkpoint 2000 = 4.1?
Previous by thread: RE: [FW1] Web Surfing Authentication using NT Domains
Next by thread: [FW1] Web Surfing Authentication using NT Domains
Index(es):
- Date
- Thread