[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Ldap Authentication for Securemote (NG)
Hi all, I am just trying to get the Usermanagement with Ldap working. I am using Secureclient NG, NG Firewall, and Openldap 2.0.15. I have adapted the schema, and can manage Users via the fw1 gui. (add + delete users, groups etc. ) but whenever i wanna use a (ldap definded) user with securemote, i get the following error message: "No pre-shared secret defined for user" on both, the client, and the firewalllog. But the authentication method i want to use is: "Internal Password", because i want to use the hybrid mode... (according to my ldapsearch, the authentications seems to be properly defined. --> I have attached a testuser ldapseach output The firewall (according to the debug of openldap) querys the ldap server, and seems to find the user. (If i use a non-existent user, securemote complains about an unknown user...) Any help appreciated! Michael --------------testuser----------------- # hallo, testgruppr, testme, at dn: cn=hallo,ou=testgruppr,o=testme,c=at cn: hallo uid: hallo sn: hallo description: no value mail: no value fw1grouptemplate: TRUE fw1expiration-date: 20011231 fw1auth-method: Internal Password fw1userPwdPolicy: 0 fw1ISAKMP-EncMethod: DES fw1ISAKMP-EncMethod: 3DES fw1enc-methods: ISAKMP fw1ISAKMP-HashMethods: MD5 fw1ISAKMP-HashMethods: SHA1 fw1ISAKMP-Transform: ESP fw1ISAKMP-DataIntegrityMethod: SHA1 fw1ISAKMP-DataEncMethod: DES fw1day: MON fw1day: TUE fw1day: WED fw1day: THU fw1day: FRI fw1day: SAT fw1day: SUN fw1hour-range-from: 00:00 fw1hour-range-to: 23:59 fw1allowed-dst: Any fw1allowed-src: Any fw1sr-auth-track: cryptlog fw1pwdlastmod: 20011205 userPassword:: e0NSWVBUfVJBWE9ZdS9GeFR0UFk= objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: fw1Person fw1ISAKMP-AuthMethods: no value __________________________________________________ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|