AW: [FW1] authentication with Windows 2000?
Hi,

you will find the main information for managing users with LDAP in the documents SecAdmin.pdf and AMClient.pdf from Checkpoint. But there are some special points if you use ADS.

First you have to extend the schema of the ADS. You need all objects and attributes from Checkpoint (see the manual) and the generic attribute "uid".

If you want to use groups, then you have the problem that in ADS all groups are of the objectclass "group", but CP-FW1 is searching for objects of objectclass "groupOfNames" and "groupOfUniqueNames". So one solution is to extend the ADS schema with the objectclass "groupOfUniqueNames" (groupOfNames exists, but it's an abstract class and you need a structural class).

But be careful when changing the schema (it's irreversible): try it first in a test environment, and after success you should use an LDIF file for changing the schema on your production machine.

Best regards
Daniel Fitzner

-------------------------------------------------------------------------------------
Daniel Fitzner
IT-Services
T-Systems
debis Systemhaus GEI GmbH / GS Berlin
debis Haus am Potsdamer Platz
10875 Berlin
mail: [email protected]
fon: +49 30 2554-3266
fax: +49 30 2554-3187

-----Original Message-----
From: Ilya Akinfiev [mailto:[email protected]]
Sent: Wednesday, 27 June 2001 06:11
To: Fitzner Daniel
Subject: RE: [FW1] authentication with Windows 2000?

Hi Daniel,

Do you have any documents that you care to share about integrating ADS with CheckPoint??

Thanks in advance!

Ilya Akinfiev
Security Engineer
SiegeWorksx 201

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Fitzner Daniel
Sent: Monday, June 25, 2001 2:48 AM
To: Maria del Carmen
Cc: FW1-Mailinglist (E-Mail)
Subject: AW: [FW1] authentication with Windows 2000?

Hi Carmen,

if you use a W2K domain, you use ADS. ADS has an LDAP interface, so after some schema changes you can use the LDAP account management from CP for authenticating the users. We have been using it successfully for three months.

Another possible solution is to use the Internet Authentication Server from W2K and RADIUS authentication. But I have no experience with this.

Best regards
Daniel Fitzner

-------------------------------------------------------------------------------------
Daniel Fitzner
IT-Services
T-Systems
debis Systemhaus GEI GmbH / GS Berlin
debis Haus am Potsdamer Platz
10875 Berlin
mail: [email protected]
fon: +49 30 2554-3266
fax: +49 30 2554-3187

-----Original Message-----
From: Maria del Carmen [mailto:[email protected]]
Sent: Friday, 22 June 2001 17:11
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] authentication with Windows 2000?

Hello,

We have a customer that heard from their headquarters in Spain that Check Point was working with Microsoft to support authentication with Windows 2000 users. Do you know anything about it? Is there a way to authenticate with Windows 2000 users when the firewall is installed in Solaris??

Thanks.