
AW: [FW1] authentication with Windows 2000?


  • To: "Ilya Akinfiev" <[email protected]>
  • Subject: AW: [FW1] authentication with Windows 2000?
  • From: "Fitzner Daniel" <[email protected]>
  • Date: Wed, 27 Jun 2001 09:12:35 +0200
  • Cc: "FW1-Mailinglist (E-Mail)" <[email protected]>
  • Sender: [email protected]
  • Thread-index: AcD+zBoMXMRU0ohARhiW0RnI8AQQ8wACJ83Q
  • Thread-topic: [FW1] authentication with Windows 2000?

Hi,

You can find the main information for managing users with LDAP in the documents SecAdmin.pdf and AMClient.pdf from Checkpoint.

But there are some special points if you use ADS. First you have to extend the schema of the ADS. You need all objects and attributes from Checkpoint (see the manual) and the generic attribute "uid".
If you want to use groups, then you have the problem that in ADS all groups are of the objectclass "group", but CP-FW1 is searching for objects of objectclass "groupOfNames" and "groupOfUniqueNames". So one solution is to extend the ADS schema with the objectclass "groupOfUniqueNames" (groupOfNames exists, but it's an abstract class and you need a structural class).
But be careful when changing the schema (it's irreversible): try it first in a test environment, and after success you should use an LDIF file for changing the schema on your production machine.


Best regards
Daniel Fitzner

----------------------------------------------------------------------------
---------

Daniel Fitzner
IT-Services
T-Systems debis Systemhaus GEI GmbH / GS Berlin
debis Haus am Potsdamer Platz
10875 Berlin

mail: [email protected]
fon: +49 30 2554-3266
fax: +49 30 2554-3187
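
An added example, not part of the original message or of Check Point's tooling: a pre-flight check over an LDIF export that lists groups carrying only the ADS objectclass "group" (which the group search described above would not match) and user entries without "uid". The sample LDIF, its DNs, and the assumption that user entries carry objectclass "user" are constructed for illustration.

```python
import base64
FW1_GROUP_CLASSES = {"groupofnames", "groupofuniquenames"}  # per the message above

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}]; unfolds lines, decodes 'attr:: b64'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: rejoin with previous
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            is_b64 = rest.startswith(":")
            raw_val = rest[1:].strip() if is_b64 else rest.strip()
            value = base64.b64decode(raw_val).decode() if is_b64 else raw_val
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def audit(entries):
    """Return (groups the described group search would miss, users lacking uid)."""
    missed, no_uid = [], []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "group" in classes and not classes & FW1_GROUP_CLASSES:
            missed.append(dn)
        if "user" in classes and "uid" not in e:  # "user" class is an assumption
            no_uid.append(dn)
    return missed, no_uid

# Constructed sample export (not from the page); Bob's DN is base64-encoded.
BOB = base64.b64encode(b"CN=Bob,OU=Staff,DC=example,DC=test").decode()
SAMPLE_LDIF = f"""dn: CN=VPN-Users,OU=Groups,DC=example,DC=test
objectClass: group

dn: CN=FW-Admins,OU=Groups,DC=example,DC=test
objectClass: groupOfUniqueNames
uniqueMember: CN=Alice,OU=Staff,DC=example,
 DC=test

dn:: {BOB}
objectClass: user
"""
print(audit(parse_ldif(SAMPLE_LDIF)))
```
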

 


-----Original Message-----
From: Ilya Akinfiev [mailto:[email protected]]
Sent: Wednesday, 27 June 2001 06:11
To: Fitzner Daniel
Subject: RE: [FW1] authentication with Windows 2000?


Hi Daniel,

Do you have any documents that you care to share about integrating ADS with CheckPoint??

Thanks in advance!



Ilya Akinfiev        Security Engineer
SiegeWorksx 201 
-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Fitzner Daniel
Sent: Monday, June 25, 2001 2:48 AM
To: Maria del Carmen
Cc: FW1-Mailinglist (E-Mail)
Subject: AW: [FW1] authentication with Windows 2000?


Hi Carmen, 
if you use a W2K Domain, you use ADS. ADS has an LDAP interface, so after some schema changes you can use the LDAP account management from CP for authenticating the users. We have been using it successfully for three months.
Another possible solution is to use the Internet Authentication Server from W2K and RADIUS authentication. But I have no experience with this.


Best regards 
Daniel Fitzner 
---------------------------------------------------------------------------- 
--------- 
Daniel Fitzner 
IT-Services 
T-Systems debis Systemhaus GEI GmbH / GS Berlin 
debis Haus am Potsdamer Platz 
10875 Berlin 
mail: [email protected] 
fon: +49 30 2554-3266 
fax: +49 30 2554-3187 
  
-----Original Message-----
From: Maria del Carmen [mailto:[email protected]]
Sent: Friday, 22 June 2001 17:11
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] authentication with Windows 2000?



Hello, 
We have a customer that heard from their headquarters in Spain that Check Point was working with Microsoft to support authentication with Windows 2000 users.
Do you know anything about it?
Is there a way to authenticate with Windows 2000 users when the firewall is installed in Solaris??
Thanks. 



================================================================================ 
     To unsubscribe from this mailing list, please see the instructions at 
               http://www.checkpoint.com/services/mailing.html 
================================================================================ 

<<winmail.dat>>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



 