[FW1] RADIUS Setup
All,

FW-1 4.1 SP3
NT sp6a
RADIUS - W2k IAS

I have defined the following:

Firewall Object: Authentication Tab - RADIUS
I have defined a network object for my RADIUS server (call it Radius1).
I have created a RADIUS server object - entered the shared secret - I have selected RADIUS V2.0.
I have created a RADIUS Group object, and placed the above RADIUS Server object in it.
I have created the generic* user, added RADIUS, with my RADIUSServer group.
I have added the generic* user to the appropriate SR group for rule definition.
I have unchecked the 'allow fw-1, blah, blah connections' in the properties pane and have defined the appropriate connection rules manually (topo, key, IKE, mgmt, etc... -> they all work).

Before my stealth rule I have added the following rule:

FW Radius1 UDP RADIUS Accept Long SRC

On the w2k IAS server, I have added the FW object for authentication and enabled it in Active Directory. The server does appear in the RAS & IAS Servers group. The user does have RAS access enabled.

I get no logging message on the RADIUS server about authentication even being attempted, but I get the following in the firewall logs:

reject rule 0 reason Refused Topology request. Authentication scheme not allowed for user.

1 Question, do I need the routing and remote access service running on the IAS machine?

If I switch to fw-1 password on the firewall object, my SR rules work fine.

Can someone please tell me what I'm missing, I'm going crazy!!!!

Thanks in advance.

PDB