[FW-1] Check Point NG and Windows 2000 LDAP password expired issue solved
Everyone,

I don't know how many people are using NG's ability to connect to a Windows 2000 LDAP server, but I thought I'd share a recent experience.

Two Secure Client users were being denied access when they authenticated using their Windows 2000 domain username and password. The message displayed to the users and displayed in the log viewer stated that their username and password had expired. All of the firewall user groups and templates were set to expire in 2004. The users were still able to log into Windows 2000 without the operating system asking them to change their passwords.

The problem turned out to be that Check Point does not read the Windows 2000 user account "Password Never Expires" setting. This issue could lead to a situation where half of a group of identically configured users are unable to authenticate to the firewall. Newly created user accounts would be allowed access while accounts created 42 days ago would be denied access.

Commas in display names are another annoying issue. In order for NG to display a list of user accounts, I had to remove all of the commas in the display names. Instead of "Palmer, Kevin", I now have to use "Palmer Kevin".

I hope these tips can save someone a few hours troubleshooting NG & W2K LDAP.

Kevin Palmer
Network Engineer - MCSE+I, CCSE, CCNA
Granite Solutions, Inc.

===============================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
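The two symptoms above (accounts older than 42 days rejected despite "Password Never Expires", and commas in names breaking the user listing) both come down to what a directory-aware client has to do with the attributes it reads back. The following is an added example written for this page, not code from the poster, Check Point or Microsoft: it reproduces the expiry decision a domain controller makes from userAccountControl, pwdLastSet and the domain's maxPwdAge (the 42-day figure in the post is the Windows 2000 default policy), so the "Password Never Expires" flag is honoured, and it escapes a comma-bearing name for use in an LDAP DN as RFC 4514 (the successor of the RFC 2253 in force at the time) requires, which is the alternative to stripping the commas. The sample accounts, the "current time" and the base DN are constructed for the example.

```python
"""Windows/AD password-expiry check that honours "Password Never Expires",
plus RFC 4514 escaping for commas in a user's relative DN.

Added example; attribute names and bit values are the documented AD ones,
the sample users and timestamps are constructed.
"""
from datetime import datetime, timedelta, timezone

# userAccountControl bit for "Password Never Expires" (ADS_UF_DONT_EXPIRE_PASSWD)
UF_DONT_EXPIRE_PASSWD = 0x10000
UF_NORMAL_ACCOUNT = 0x200

# pwdLastSet and maxPwdAge are 64-bit FILETIME quantities:
# 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000

# Windows 2000 default domain policy of 42 days; maxPwdAge is stored as a
# negative interval on the domain root object.
DEFAULT_MAX_PWD_AGE = -42 * 24 * 3600 * TICKS_PER_SECOND
NEVER_EXPIRE_MAX_PWD_AGE = -(2 ** 63)  # LONG_MIN: domain-wide "never expires"


def datetime_to_filetime(dt: datetime) -> int:
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND + delta.microseconds * 10


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def password_expired(user_account_control: int, pwd_last_set: int,
                     max_pwd_age: int, now: datetime) -> bool:
    """True if the password is expired under the per-account flag and domain policy.

    A forced change (pwdLastSet == 0) wins, then the per-account never-expire
    flag, then the domain-wide policy, then the actual age comparison.
    """
    if pwd_last_set == 0:
        return True                      # "User must change password at next logon"
    if user_account_control & UF_DONT_EXPIRE_PASSWD:
        return False                     # the setting the post says NG ignored
    if max_pwd_age in (0, NEVER_EXPIRE_MAX_PWD_AGE):
        return False                     # domain policy: passwords never expire
    # max_pwd_age is negative, so subtracting it adds the allowed age
    expires_at = filetime_to_datetime(pwd_last_set - max_pwd_age)
    return now >= expires_at


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in ',+"\\<>;'
            or (ch == '#' and i == 0)
            or (ch == ' ' and i in (0, last))
        )
        out.append('\\' + ch if needs_escape else ch)
    return ''.join(out)


def user_dn(cn: str, base_dn: str) -> str:
    """Build the DN of a user whose CN may contain commas, e.g. "Palmer, Kevin"."""
    return f"CN={escape_rdn_value(cn)},{base_dn}"


# Constructed "current time" and accounts; all four would sit in the same
# firewall group with the same template, which is the situation in the post.
NOW = datetime(2002, 3, 1, tzinfo=timezone.utc)


def _set_days_ago(days: int) -> int:
    return datetime_to_filetime(NOW - timedelta(days=days))


SAMPLE_USERS = {
    "new-user":      {"uac": UF_NORMAL_ACCOUNT,                         "pwdLastSet": _set_days_ago(1)},
    "old-never-exp": {"uac": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD, "pwdLastSet": _set_days_ago(60)},
    "old-expires":   {"uac": UF_NORMAL_ACCOUNT,                         "pwdLastSet": _set_days_ago(60)},
    "must-change":   {"uac": UF_NORMAL_ACCOUNT,                         "pwdLastSet": 0},
}


def classify(users, max_pwd_age=DEFAULT_MAX_PWD_AGE, now=NOW):
    """Map each account name to whether its password counts as expired."""
    return {name: password_expired(u["uac"], u["pwdLastSet"], max_pwd_age, now)
            for name, u in users.items()}


if __name__ == "__main__":
    for name, expired in classify(SAMPLE_USERS).items():
        print(f"{name:14s} expired={expired}")
    print(user_dn("Palmer, Kevin", "CN=Users,DC=example,DC=com"))
```

A client that skips the userAccountControl test behaves exactly as described in the post: "old-never-exp" and "old-expires" look identical once pwdLastSet is more than 42 days old, and only the flag separates them. The DN helper shows why a raw "Palmer, Kevin" fails: unescaped, the comma ends the RDN and the rest of the name is parsed as a separate component.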