[FW1] Linux -.fw-1
In win 2k adv server is configured for both ports, 1645 and 1812, by
default itself. One new doubt: I have installed another fw-1 over Linux
6.2 redhat, kernel 2.2.x. I couldn't FWDIR. If I give setenv command, it
says command not found. I am not able to come out of this problem.
Please help,
mohamed.

On Sat, 29 Sep 2001 Leonard Cheng wrote :
>
> Did you look into whether the same UDP ports are used.
> I think FW-1 is using the default 1645 (authentication)
> 1646 (Accounting) while NT (at least Win2K for sure) is using
> 1812 and 1813 respectively (RFC 2026).
>
> Hope it helps.
>
> Leonard ....
>
>
> -----Original Message-----
> From: Mohamed Maraikayar [mailto:[email protected]]
> Sent: September 28, 2001 12:42 AM
> To: Juan Concepcion
> Cc: [email protected]; mohamed maraikayar; Brockhoven,Werner
> Subject: Re: RE: [FW1] Re: RE: Radius authentication
>
>
> > Couple of things you want to look at:
>
> > Make sure the Radius service is actually running (not trying to
> > insult your intelligence, it's just better to be safe than to be
> > sorry).
>
> The Radius server is running. I checked by netstat -a command. Also I
> used the same machine as Radius server for pix firewall. So I conclude
> Radius server is running. I made the appropriate changes from pix
> firewall to Fw-1, e.g. name of group, shared key etc.
>
> > Make sure the firewall and Radius server can ping each other.
>
> There is a Layer 3 connectivity, I can ping.
>
> > Verify the Radius server is defined correctly in the firewall and
> > that you have verified the shared secret between the two.
>
> This is also done. 2 places. (1) In Manage servers, I defined Radius
> server. (2) I created a radius server group, same name defined in win
> 2k radius server, and added the server in the group.
> I created a user, and enabled authentication as radius in the user
> prop. If any other config needed, please let
>
> > next thing I would do is to try the authentication straight from the
> > firewall and run some sort of sniffer so you can see the traffic and
> > ensure that they are definitely communicating. Easiest way to run
> > this test would be to run 'telnet localhost 259' on the firewall
> > which will invoke the security server, enter a username of a user
> > currently configured for radius, and then make sure it first works
> > straight from the firewall to the radius server before you take the
> > next step of getting actual users to authenticate from wherever they
> > may be.
>
> The user authentication is working. I chose password from VPN/FW-1.
> Also client and session authentication works fine. When it comes to
> radius, the error comes. I also get a Radius password prompt. After
> that only, the error "RADIUS servers not responding". Trying with
> sniffer is a good idea, but I have to download and learn to use. Yet I
> will try as last resort.
>
> > As I said not trying to insult your intelligence in any w st my
> > experience that the longer you look/work @ a problem the further
> > away the most obvious things get away from you.
>
> I thank God for giving a good attitude, I never get insulted, in fact
> I am learning. Thanks.
> Last but least, I would like to tell the versions, unfortunately the
> fw-1 is 4.1 version, SP2 and OS is winNT 4 SP4. The radius server is
> Win ADV Server.
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of mohamed maraikayar
> > Sent: Wednesday, September 26, 2001 8:58 AM
> > To: Brockhoven,Werner
> > Cc: [email protected]
> > Subject: [FW1] Re: RE: Radius authentication
> >
> >
> > I haven't added any rules till now. Now I added 2 rules, from
> > firewallgateway to radius server and vice versa. Still I receive the
> > same error. I configured a rule as " allusers@any ftp-serv ftp
> > userauth gateway " and in the user properties, I enabled radius
> > authentication for a user, say mohd. When I ftp to ftp-serv, I get a
> > prompt because of user authentication rule. I entered the username
> > mohd, that is to be authenticated by radius server. So fw-1 gave a
> > prompt, "radius password:", I typed the password. Then it took some
> > 10 seconds time and displayed, "radius servers not responding". I
> > disconnected the cable from fw-1 to radius server and tried again, I
> > got the same error. So I can now conclude that there is something
> > missing in the configuration of fw-1 or fw-1 related. Any clues ?
> > thanks
> > mohamed.
> >
> > On Wed, 26 Sep 2001 Brockhoven, Werner wrote :
> > > Hi,
> > >
> > > Do you have a rule to allow communication between the radius and
> > > the FW-1 ?
> > > What do you get in the logging ?
> > >
> > > I'm sorry but I should ask you to send mails to the checkpoint
> > > mailing list and not directly to me personally.
> > >
> > > Regards,
> > >
> > > Werner
> > >
> > >
> > > -----Original Message-----
> > > ayar [mailto:[email protected]]
> > > Sent: Wednesday, September 26, 2001 12:41 PM
> > > To: Brockhoven, Werner
> > > Subject: Radius authentication
> > >
> > >
> > > Sorry, I am sending you a third mail. Now I have made a win 2000
> > > advanced server as radius server. I have done the necessary
> > > configurations, added the client as firewall's interface, defined
> > > radius server group etc. The win NT (SP4), I have installed
> > > checkpoint 4.1 (SP2). I have defined the radius server, shared key
> > > etc in check point also. But the error I get is, "Radius server
> > > not responding". I searched mailing list also, but didn't get the
> > > answer. What may be the problem ?
> > > thanks,
> > > moham .

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
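
Added example, not part of the thread and not Check Point or Microsoft code: a Python sketch that sends a minimal RFC 2865 Access-Request to both port conventions mentioned above (1645 and 1812) and checks the Response Authenticator, which separates "nothing answers on this port" from "the server answers but the shared secret differs". The function names and the host, user, password and secret passed to `probe` are assumptions for illustration.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2   # RFC 2865 code / attribute types

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, req_auth=None):
    """Return (packet, request_authenticator) for a minimal Access-Request."""
    req_auth = req_auth or os.urandom(16)
    attrs = b""
    for typ, val in ((USER_NAME, user),
                     (USER_PASSWORD, hide_password(password, secret, req_auth))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth

def reply_is_authentic(reply, req_auth, secret):
    """Check Response Authenticator = MD5(code+id+len+req_auth+attrs+secret)."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def probe(host, user, password, secret, ports=(1645, 1812), timeout=3.0):
    """Send one Access-Request per port; report silence vs. a bad authenticator."""
    results = {}
    for port in ports:
        pkt, req_auth = build_access_request(port % 256, user, password, secret)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(pkt, (host, port))
                reply, _ = s.recvfrom(4096)
            except OSError:          # timeout or ICMP port unreachable
                results[port] = "no reply"
                continue
        ok = reply_is_authentic(reply, req_auth, secret)
        results[port] = "code %d, authenticator %s" % (
            reply[0], "valid" if ok else "INVALID (check shared secret)")
    return results
```

"no reply" on a port means nothing is listening there, the traffic is filtered, or the server silently discarded the request because the sending address is not one of its configured clients.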