[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SDL & windows 2000
"Miller, Joe" <[email protected]> wrote: >Are you running W2k in Native mode or Mixed Mode? If you are running >Mixed mode, authentication will work. In native mode, however, there are >issues with 4.1 (to be fixed in NG). > >Joe > IMHO, Native Mode and Mixed Mode are terms regarding the communication between DCs not clients to a DC itself. Depending on the setup a W2K DC is able to fall-back to NTLMv2 authentication if Kerberos isn't supported by the client. Anyway, after a reboot of the W2K machine my sniffer captured DNS, NBT packets which the box is trying to contact directly (Encrypted DNS is setup correctly!). This points out that SecureClient/ SecuRemote is not able to capture packets sent by the OS before a login process is started. After a reboot I've passed some random credentials so that a login fails for sure. After that "failed logon" securemote login window pops up and a VPN tunnel is tried to open by SR. Egonle >-----Original Message----- >From: Michael S. Hobbs [mailto:[email protected]] >Sent: Thursday, December 13, 2001 10:30 AM >To: [email protected] >Subject: Re: [FW-1] SDL & windows 2000 > > >I am using Win2k with AD, running FW-1 4.1 SP2, and the latest >SecureClient for FW-1 4.1. I have SDL and SSO enabled and I am able to >login just fine. The only problem is intermittent issues with the login >script. Sometime it runs, sometimes it does not. > >Michael > >-----Original Message----- >From: Mailing list for discussion of Firewall-1 >[mailto:[email protected]] On Behalf Of Jim >Laverty >Sent: Thursday, December 13, 2001 7:26 AM >To: [email protected] >Subject: Re: [FW-1] SDL & windows 2000 > > >SDL does not work with Active Directory in Windows 2000, if you are >using the 4.1 version of FW-1. I confirmed this with Checkpoint. I was >told NG would support this only. > >The srv packets never get passed through. Load up a sniffer and capture >a local domain login to an ADS box. Then sniff the incoming connection >from SecuRemote, you will see completely different behavior. You can do >SDL with NT 4.0, not W2K. > >-----Original Message----- >From: Mailing list for discussion of Firewall-1 >[mailto:[email protected]] On Behalf Of >[email protected] >Sent: Thursday, December 13, 2001 4:49 AM >To: [email protected] >Subject: Re: [FW-1] SDL & windows 2000 > > >"Michael S. Hobbs" <[email protected]> wrote: > >>Yes SDL is supported in Windows 2000. >> > >Ok, I've enbled SDL on W2K (without SSO). However SecuRemote/ Client >Login window does not pop up during login, so either a cached profile is >used or the login fails. > >Regards, > >Egonle > >>Michael >> >>-----Original Message----- >>From: Mailing list for discussion of Firewall-1 >>[mailto:[email protected]] On Behalf Of >>[email protected] >>Sent: Wednesday, December 12, 2001 2:21 PM >>To: [email protected] >>Subject: [FW-1] SDL & windows 2000 >> >> >>Hi, >>does anybody know if SDL is supported on windows 2000? >> >> >>Regards, >>Egonle >>-- >> >> >> >> >>__________________________________________________________________ >>Your favorite stores, helpful shopping tools and great gift ideas. >>Experience the convenience of buying online with Shop@Netscape! >>http://shopnow.netscape.com/ >> >>Get your own FREE, personal Netscape Mail account today at >>http://webmail.netscape.com/ >> >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>To set vacation, Out Of Office, or away messages, >>send an email to [email protected] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>If you have any questions on how to change your >>subscription options, email Ron Alcatraz at: [email protected] > >>================================================= >> >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>To set vacation, Out Of Office, or away messages, >>send an email to [email protected] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>If you have any questions on how to change your >>subscription options, email Ron Alcatraz at: [email protected] > >>================================================= >> >-- > > > > >__________________________________________________________________ >Your favorite stores, helpful shopping tools and great gift ideas. >Experience the convenience of buying online with Shop@Netscape! >http://shopnow.netscape.com/ > >Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ > >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >If you have any questions on how to change your >subscription options, email Ron Alcatraz at: [email protected] >================================================= > >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >If you have any questions on how to change your >subscription options, email Ron Alcatraz at: [email protected] >================================================= > >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >If you have any questions on how to change your >subscription options, email Ron Alcatraz at: >[email protected] >================================================= > >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >If you have any questions on how to change your >subscription options, email Ron Alcatraz at: >[email protected] >================================================= > -- __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] =================================================
|