Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecureRemote/SecureClient on win9x w/ NT authentication..

To: [email protected]
Subject: Re: [FW-1] SecureRemote/SecureClient on win9x w/ NT authentication..
From: Stuart Teo <[email protected]>
Date: Wed, 21 Nov 2001 00:50:17 +0800
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2

Hi,

Have you looked at the firewall logs to see why (I assume) NT domain
authentication doesn't go through?

Does the logs show that NBT packets are accepted and allowed through?

Do you have LMHOSTS file in your Win9x clients that thell them who is
the PDC?

Regards,
Stuart

Jarmoc, Jeff wrote:

My company has been experiencing some problems with
SecureRemote/SecureClient running on win9x clients.  Over the past few
months, we've been rolling out Firewall-1, and we're at the stage in
the game where we want to start using Secure Remote.  However, we've
encountered a pretty serious problem.  It seems to work fine on
WinNT/2000 clients, but on 95, 98, Me, etc.. we're having quite a bit
of trouble.


The problem is this.  A user who dials up to their ISP, can connect
and successfully authenticate to the firewall via secureremote.
However, this only gives them an IP level connection.  What we need is
for them to be able to log on to our NT domain, so they can access
file servers, Exchange and SQL applications, etc.  NT and 2000 clients
don't appear to have any trouble, presumably because of these OS's
ability to cache credentials and other security differences.  Also, 95
and 98 users who are on cable, DSL, or other always-on internet
connections don't appear to have any problem.  I'm assuming the
problem lies in the fact that the users need to first authenticate to
their ISP, then authenticate to our domain.  Apparently 9x doesn't
like this process.


Has anyone successfully gotten this to work with 95 and/or 98?  Our
reseller has been less than helpful, and checkpoint themselves have
been of little help so I'm really hoping someone out there can help me
with this.  Secure Remote is one of the biggest reasons we bought this
product, and our difficulties in getting it working have not been
received well by management, nor have our reseller's lack of follow
through on helping with these problems.  It's to the point where it'll
be a tough sell to keep Checkpoint in place if this isn't resolved
soon.  I've tried the usual resources - Phoneboy.com, Nokia's web
site, Checkpoint and Reseller support, so my posting here is really a
last effort.

Our firewalls are Nokia IP 650s, running IPSO 3.4.1 and Firewall-1
SP3.  We've tried every available secureremote build with the same
result.  If anyone wants any further information I'd be more than
happy to provide it.

Thanks in advance for your assistance.


===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- [FW-1] SecureRemote/SecureClient on win9x w/ NT authentication..
  - From: "Jarmoc, Jeff" <[email protected]>

Prev by Date: Re: [FW-1] Too many FireWall Modules (#) in Network Objects: Lice nse is only for 1
Next by Date: Re: [FW-1] FireWall-1 & TrendMicro VirusWall http error
Previous by thread: [FW-1] SecureRemote/SecureClient on win9x w/ NT authentication..
Next by thread: [FW-1] Is there any way to get the current license?
Index(es):
- Date
- Thread