
[FW1] VPN & W2K (LDAP)




Hi to everybody,

A client asked me to implement a VPN using IKE (but if it is easier I
can think of using FWZ) for their remote users (probably they will use
SecuRemote or SecureClient).

Right now they have all the authentication information for those users
on a Win2K server that has LDAP active (but I can activate other
services on it if needed).

So it would be great if I could plug in the FW-1 (on Solaris with HA)
and use the user information on the LDAP server for the authentication
(without having to change more than 10k users' information or
passwords).

Probably it can be done using Hybrid Authentication Mode, but can I
use the original passwords stored on the Win2K server, or do I need to
change them? Are they (FW-1 and Win2K) stored in the same encrypted way?

And then... Is Hybrid Mode Authentication less secure than other
authentication schemes? Where can I find details about it?

Do you see another way to take Win2K user information from the Win2K
server to do the authentication on the FW-1?

Are there people here who took user information from WinNT 4.0 or
Win2K to do the authentication on the VPN? What is your experience?
Is there good documentation on it?

Best Regards, and sorry if some questions on LDAP and Win2K are "basic",
but I don't know that protocol/products well...

MaX



