RE: [FW1] Re: RE: Radius authentication
Couple of things you want to look at:

Make sure the Radius service is actually running (not trying to insult your intelligence, it's just better to be safe than to be sorry). Make sure the firewall and Radius server can ping each other. Verify the Radius server is defined correctly in the firewall and that you have verified the shared secret between the two.

The next thing I would do is to try the authentication straight from the firewall and run some sort of sniffer so you can see the traffic and ensure that they are definitely communicating. Easiest way to run this test would be to run 'telnet localhost 259' on the firewall, which will invoke the security server, enter a username of a user currently configured for radius, and then make sure it first works straight from the firewall to the radius server before you take the next step of getting actual users to authenticate from wherever they may be.

As I said, not trying to insult your intelligence in any way with my suggestions. It's just my experience that the longer you look/work @ a problem the further away the most obvious things get away from you. Hope this helps!!

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of mohamed maraikayar
Sent: Wednesday, September 26, 2001 8:58 AM
To: Brockhoven,Werner
Cc: [email protected]
Subject: [FW1] Re: RE: Radius authentication

I haven't added any rules till now. Now I added 2 rules: from firewall gateway to radius server any is allowed, and vice versa. Still I receive the same error.

I configured a rule as "allusers@any ftp-serv ftp userauth gateway" and in the user properties, I enabled radius authentication for a user, say mohd. When I ftp to ftp-serv, I get a prompt because of user authentication rule. I entered the username mohd, that is to be authenticated by radius server. So fw-1 gave a prompt, "radius password:", I typed the password. Then it took some 10 seconds time and displayed, "radius servers not responding".

I disconnected the cable from fw-1 to radius server and tried again, I got the same error. So I can now conclude that there is something missing in the configuration of fw-1 or fw-1 related. Any clues?

thanks
mohamed.

On Wed, 26 Sep 2001 Brockhoven, Werner wrote :
> Hi,
>
> Do you have a rule to allow communication between the radius and the FW-1 ?
> What do you get in the logging ?
>
> I'm sorry but I should ask you to send mails to the checkpoint mailing list
> and not directly to me personally.
>
> Regards,
>
> Werner
>
>
> -----Original Message-----
> From: mohamed maraikayar [mailto:[email protected]]
> Sent: Wednesday, September 26, 2001 12:41 PM
> To: Brockhoven, Werner
> Subject: Radius authentication
>
>
> Sorry, I am sending you a third mail. Now I have made a win 2000 advanced
> server as radius server. I have done the necessary configurations, added the
> client as firewall's interface, defined radius server group etc. The win NT
> (SP4), I have installed checkpoint 4.1 (SP2). I have defined the radius
> server, shared key etc in check point also. But the error I get is, "Radius
> server not responding". I searched mailing list also, but didn't get the
> answer. What may be the problem ?
> thanks,
> mohamed.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
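The reply at the top of this thread suggests verifying the shared secret and watching the traffic with a sniffer. The following is an added example, not part of the original messages and not Check Point or Microsoft code: it builds an RFC 2865 Access-Request and checks a reply's Response Authenticator, which is the MD5 of the reply header, the request authenticator, the reply attributes and the shared secret, so a reply computed with a different secret fails verification. All function names, the user name, password and secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident, req_auth) -> bytes:
    # Attribute 1 is User-Name, attribute 2 is User-Password (hidden).
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def make_reply(code, ident, req_auth, secret, attrs=b"") -> bytes:
    """Server side, used here only to construct sample replies."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def check_reply(reply, ident, req_auth, secret) -> str:
    """Classify a reply by the checks a client applies before trusting it."""
    if len(reply) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply):
        return "malformed"
    if rid != ident:
        return "identifier-mismatch"
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad-authenticator"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "other")

# Constructed sample values (not taken from the thread).
REQ_AUTH = bytes(range(16))
FW_SECRET, SRV_SECRET = b"fw-side-secret", b"server-side-secret"
REQUEST = build_access_request(b"testuser", b"example-pass", FW_SECRET, 7, REQ_AUTH)
GOOD = make_reply(ACCESS_ACCEPT, 7, REQ_AUTH, FW_SECRET)
MISMATCH = make_reply(ACCESS_REJECT, 7, REQ_AUTH, SRV_SECRET)
```

Running `check_reply` over a reply captured with the sniffer separates "the server answered, but with a different secret" from "nothing came back at all", which points at routing, rules or the client definition on the server instead.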