
Re: RE: [FW1] Re: RE: Radius authentication







Couple of things you want to look at:
 
> Make sure the Radius service is actually running (not trying to insult your
> intelligence, it's just better to be safe than to be sorry).

The Radius server is running. I checked with the netstat -a command. Also, I used the same machine as the Radius server for the PIX firewall, so I conclude the Radius server is running. I made the appropriate changes from the PIX firewall to FW-1, e.g. name of group, shared key, etc.

> Make sure the firewall and Radius server can ping each other.

There is Layer 3 connectivity; I can ping.

> Verify the Radius server is defined correctly in the firewall and that you
> have verified the shared secret between the two.

This is also done, in 2 places: (1) In Manage Servers, I defined the Radius server. (2) I created a Radius server group, with the same name defined in the Win 2K Radius server, and added the server to the group.
I created a user and enabled authentication as Radius in the user properties. If any other config is needed, please let me know.

> The next thing I would do is to try the authentication straight from the
> firewall and run some sort of sniffer so you can see the traffic and ensure
> that they are definitely communicating. Easiest way to run this test would
> be to run 'telnet localhost 259' on the firewall which will invoke the
> security server, enter a username of a user currently configured for radius,
> and then make sure it first works straight from the firewall to the radius
> server before you take the next step of getting actual users to authenticate
> from wherever they may be.

The user authentication is working. I chose the password from VPN/FW-1. Also, client and session authentication work fine. When it comes to Radius, the error comes. I also get a Radius password prompt. Only after that comes the error "RADIUS servers not responding". Trying with a sniffer is a good idea, but I have to download it and learn to use it. Yet I will try it as a last resort.

> As I said not trying to insult your intelligence in any 
> w
st my experience that the longer 
> you look/work @ a
> problem the further away the most obvious things get 
> away from you.

I thank God for giving a good attitude; I never get insulted, in fact I am learning. Thanks.
Last but not least, I would like to tell the versions: unfortunately, FW-1 is version 4.1 SP2 and the OS is WinNT 4 SP4. The Radius server is Win ADV Server.


> 
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> On Behalf Of
> mohamed maraikayar
> Sent: Wednesday, September 26, 2001 8:58 AM
> To: Brockhoven,Werner
> Cc: [email protected]
> Subject: [FW1] Re: RE: Radius authentication
> 
> 
> 
> 
> I haven't added any rules till now. Now I added 2 rules: from firewallgateway
> to radius server any is allowed, and vice versa. Still I receive the same
> error. I configured a rule as "allusers@any ftp-serv ftp userauth gateway"
> and in the user properties I enabled radius authentication for a user, say
> mohd. When I ftp to ftp-serv, I get a prompt because of the user
> authentication rule. I entered the username mohd, that is to be
> authenticated by the radius server. So FW-1 gave a prompt, "radius
> password:", and I typed the password. Then it took some 10 seconds and
> displayed "radius servers not responding". I disconnected the cable from
> FW-1 to the radius server and tried again; I got the same error. So I can
> now conclude that there is something missing in the configuration of FW-1
> or FW-1 related. Any clues?
> thanks
> mohamed.
> 
> On Wed, 26 Sep 2001 Brockhoven, Werner wrote :
> > Hi,
> >
> > Do you have a rule to allow communication between the
> > radius and the FW-1 ?
> > What do you get in the logging ?
> >
> > I'm sorry but I should ask you to send mails to the
> > checkpoint mailing list
> > and not directly to me personally.
> >
> > Regards,
> >
> > Werner
> >
> >
> > -----Original Message-----
>
ayar [mailto:[email protected]]
> > Sent: Wednesday, September 26, 2001 12:41 PM
> > To: Brockhoven, Werner
> > Subject: Radius authentication
> >
> >
> >
> > Sorry, I am sending you a third mail. Now I have made a Win 2000 Advanced
> > Server the radius server. I have done the necessary configurations, added
> > the client as the firewall's interface, defined the radius server group,
> > etc. On the Win NT (SP4), I have installed Check Point 4.1 (SP2). I have
> > defined the radius server, shared key, etc. in Check Point also, but the
> > error I get is "Radius server not responding". I searched the mailing
> > list also, but didn't get the answer. What may be the problem?
> > thanks,
> > mohamed.
> >
> >
 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
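
The following is an added example, not part of the thread or of any Check Point or Microsoft code: a minimal RADIUS probe (RFC 2865 packet format) that sends one Access-Request and names the outcome, so that a timeout like the "RADIUS servers not responding" symptom above can be told apart from a reject or a shared-secret mismatch. The function names, UDP port 1812 as the default, and the sample values are assumptions.

```python
import hashlib, os, socket, struct

def hide_password(password, secret, authenticator):
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, XOR)."""
    padded = (password + b"\x00" * (-len(password) % 16)) or bytes(16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Return (packet, request_authenticator) for a minimal Access-Request."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    # Attribute 1 = User-Name, attribute 2 = User-Password (hidden).
    for typ, val in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs, authenticator

def classify_reply(reply, ident, request_auth, secret):
    """Name the outcome of one probe; reply is None when nothing came back."""
    if reply is None:
        return "no-response"
    if len(reply) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or rid != ident:
        return "malformed"
    # Response Authenticator = MD5(code+id+length + request auth + attrs + secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if expected != reply[4:20]:
        return "bad-authenticator"  # reply was not computed with our shared secret
    return {2: "access-accept", 3: "access-reject", 11: "access-challenge"}.get(code, "other")

def probe(host, user, password, secret, port=1812, timeout=3.0):
    """Send one Access-Request over UDP and classify what happens."""
    ident = os.urandom(1)[0]
    packet, auth = build_access_request(ident, user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            reply = None
    return classify_reply(reply, ident, auth, secret)
```

Calling `probe("192.0.2.10", b"mohd", b"example-password", b"example-secret")` (constructed values) and repeating it with `port=1645`, the legacy RADIUS port, shows whether the server answers at all. RFC 2865 requires a server to silently discard requests from a source address it has no shared secret for, so the probing host must itself be defined as a client on the server for a reply to come back.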