[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RE: [FW1] Re: RE: Radius authentication
Couple of things you want to look at:
> Make sure the Radius service is actually running (not
> trying to insult your
> intelligence, it's just better to be safe than to be
> sorry).
The Radius server is running.i checked by netstat -a command.Also i used the same machine as Radius server for pix firewall.So i conclude Radius server is running.I made the appropriate changes from pix firewall to Fw-1, e-g name of group, shared key etc.
> Make sure the firewall and Radius server can ping each
> other.
There is a Layer 3 connectivity, i can ping.
> Verify the Radius server is defined correctly in the
> firewall and that you
> have verified the shared secret between the two.
This is also done.2 places.(1).In Manage servers, i defined Radius server.(2) I created a radius server group,same name defined in win 2k radius server,and added the server in the group.
I created a user,and enabled authentication as radius in the user prop.If any other config needed,please let me know.
> The next thing I would do is to try the authentication
> straight from the
> firewall and run some sort of sniffer so you can see
> the traffic and ensure
> that they are definitely communicating. Easiest way to
> run this test would
> be to run 'telnet localhost 259' on the firewall which
> will invoke the
> security server, enter a username of a user currently
> configured for radius,
> and then make sure it first works straight from the
> firewall to the radius
> server before you take the next step of getting actual
> users to authenticate
> from wherever they may be.
The user authentication is working. i choosed password from VPN/FW-1.Also client and session authentication works fine.when it comes to radius,the error comes.i also get a Radius password prompt.After that only,the error" RADIUS servers not responding".Trying with sniffer is a good idea,but i have to download and learn to use.yet i will try as last resort.
> As I said not trying to insult your intelligence in any
> w
st my experience that the longer
> you look/work @ a
> problem the further away the most obvious things get
> away from you.
I thank God for giving a good attitude,i never get insulted in fact iam learning,Thanks.
Last but least, I would like to tell the versions, unfortunately the fw-1 is 4.1 version ,SP2 and OS is winNT 4 SP4.The radius server is Win ADV Server.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> On Behalf Of
> mohamed maraikayar
> Sent: Wednesday, September 26, 2001 8:58 AM
> To: Brockhoven,Werner
> Cc: [email protected]
> Subject: [FW1] Re: RE: Radius authentication
>
>
>
>
> I havent added any rules till now.now i added 2 rules,
> from firewallgateway
> to raduis server any is allowed and vice versa.Still i
> recieve the same
> error.i configured a rule as " allusers@any ftp-serv
> ftp userauth gateway "
> and in the user properties, i enabled radius
> authentication for a user,say
> mohd.when i ftp to ftp-serv,i get a prompt bcoz of of
> user authentication
> rule.i entered the username mohd,that is to be
> authenticated by radius
> server.so fw-1 gave a prompt, "radius password:" ,i
> typed the password.then
> it took some 10 seconds time and displayed,"radius
> servers not responding".i
> disconnected the cable from fw-1 to radius server and
> tried again,i got the
> same error.so i can now conclude that there is some
> thing missing in the
> configuration of fw-1 or fw-1 related.any clues ?
> thanks
> mohamed.
>
> On Wed, 26 Sep 2001 Brockhoven, Werner wrote :
> > Hi,
> >
> > Do you have a rule to allow communication between the
> > radius and the FW-1 ?
> > What do you get in the logging ?
> >
> > I'm sorry but I should ask you to send mails to the
> > checkpoint mailing list
> > and not directly to me personally.
> >
> > Regards,
> >
> > Werner
> >
> >
> > -----Original Message-----
>
ayar [mailto:[email protected]]
> > Sent: Wednesday, September 26, 2001 12:41 PM
> > To: Brockhoven, Werner
> > Subject: Radius authentication
> >
> >
> >
> > Sorry, i am sending you a third mail.Now i have made a
> > win 2000 advanced
> > server as radius server.i have done the necesary
> > configurations ,added the
> > client as firewall's interface,defined radius server
> > group etc.The win NT
> > (SP4), i have installed checkpoint 4.1 (SP2).i have
> > defined the radius
> > server,shared key etc in check point also.but the
> error
> > i get is,"Radius
> > server not responding" , i searched mailing list also,
> > but didnt get the
> > answer.what may be the problem ?
> > thanks,
> > mohamed.
> >
> >
>
>
>
>
> ========================================================-
> ====================
> ====
> To unsubscribe from this mailing list, please see
> the instructions at
> http://www.checkpoint.com/services/mailin-
> g.html
> ========================================================-
> ====================
> ====
>
>
>
> ========================================================-
> ========================
> To unsubscribe from this mailing list, please see
> the instructions at
> http://www.checkpoint.com/services/mailin-
> g.html
> ========================================================-
> ========================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================