Search
	display results
words begin exact words any words part
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] SDL & windows 2000

To: [email protected]
Subject: Re: [FW-1] SDL & windows 2000
From: James Oryszczyn <[email protected]>
Date: Mon, 17 Dec 2001 19:21:50 -0600
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Do you have a LMhosts file with the Domain Controllers in it?  I have found
that you still need to set a LMhosts file for SDL to work in W2k.

James
----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Monday, December 17, 2001 12:18 PM
Subject: Re: [FW-1] SDL & windows 2000


> James Oryszczyn <[email protected]> wrote:
>
> >W2K will have DNS and  netbios traffic on a boot up.  The Windows 2000
> >machine is trying to contact the domain controllers to get machine
policys
> >and such.  Capture when hit Ctrl-al-deltete and the tunnel comes up. Then
> >look for DNS traffic.
> >
>
> Hi,
> I've traced all packets leaving my SR/SC box. After startup of the
networking services the client tries to contact its DNS servers directly
without any use of SR/SC, although split DNS/ encrpted DNS is setup
correctly (it runs for a different NT box). When I now pass some random
credentials the logon fails however after that SR/SC logon window pops up.
When those credentials belong to a cached profile the logon process uses
this instead of waiting for SR to come up with the pop up window.
>
> Any further hints/ reading?
>
> Egonle
>
> >James
> >----- Original Message -----
> >From: <[email protected]>
> >To: <[email protected]>
> >Sent: Friday, December 14, 2001 3:36 AM
> >Subject: Re: [FW-1] SDL & windows 2000
> >
> >
> >> "Miller, Joe" <[email protected]> wrote:
> >>
> >> >Are you running W2k in Native mode or Mixed Mode? If you are running
> >> >Mixed mode, authentication will work. In native mode, however, there
are
> >> >issues with 4.1 (to be fixed in NG).
> >> >
> >> >Joe
> >> >
> >>
> >> IMHO, Native Mode and Mixed Mode are terms regarding the communication
> >between DCs not clients to a DC itself. Depending on the setup a W2K DC
is
> >able to fall-back to NTLMv2 authentication if Kerberos isn't supported by
> >the client.
> >>
> >> Anyway, after a reboot of the W2K machine my sniffer captured DNS, NBT
> >packets which the box is trying to contact directly (Encrypted DNS is
setup
> >correctly!). This points out that SecureClient/ SecuRemote is not able to
> >capture packets sent by the OS before a login process is started.
> >>
> >> After a reboot I've passed some random credentials so that a login
fails
> >for sure. After that "failed logon" securemote login window pops up and a
> >VPN tunnel is tried to open by SR.
> >>
> >>
> >> Egonle
> >> >-----Original Message-----
> >> >From: Michael S. Hobbs [mailto:[email protected]]
> >> >Sent: Thursday, December 13, 2001 10:30 AM
> >> >To: [email protected]
> >> >Subject: Re: [FW-1] SDL & windows 2000
> >> >
> >> >
> >> >I am using Win2k with AD, running FW-1 4.1 SP2, and the latest
> >> >SecureClient for FW-1 4.1.  I have SDL and SSO enabled and I am able
to
> >> >login just fine. The only problem is intermittent issues with the
login
> >> >script. Sometime it runs, sometimes it does not.
> >> >
> >> >Michael
> >> >
> >> >-----Original Message-----
> >> >From: Mailing list for discussion of Firewall-1
> >> >[mailto:[email protected]] On Behalf Of Jim
> >> >Laverty
> >> >Sent: Thursday, December 13, 2001 7:26 AM
> >> >To: [email protected]
> >> >Subject: Re: [FW-1] SDL & windows 2000
> >> >
> >> >
> >> >SDL does not work with Active Directory in Windows 2000, if you are
> >> >using the 4.1 version of FW-1.  I confirmed this with Checkpoint.  I
was
> >> >told NG would support this only.
> >> >
> >> >The srv packets never get passed through.  Load up a sniffer and
capture
> >> >a local domain login to an ADS box.  Then sniff the incoming
connection
> >> >from SecuRemote, you will see completely different behavior.  You can
do
> >> >SDL with NT 4.0, not W2K.
> >> >
> >> >-----Original Message-----
> >> >From: Mailing list for discussion of Firewall-1
> >> >[mailto:[email protected]] On Behalf Of
> >> >[email protected]
> >> >Sent: Thursday, December 13, 2001 4:49 AM
> >> >To: [email protected]
> >> >Subject: Re: [FW-1] SDL & windows 2000
> >> >
> >> >
> >> >"Michael S. Hobbs" <[email protected]> wrote:
> >> >
> >> >>Yes SDL is supported in Windows 2000.
> >> >>
> >> >
> >> >Ok, I've enbled SDL on W2K (without SSO). However SecuRemote/ Client
> >> >Login window does not pop up during login, so either a cached profile
is
> >> >used or the login fails.
> >> >
> >> >Regards,
> >> >
> >> >Egonle
> >> >
> >> >>Michael
> >> >>
> >> >>-----Original Message-----
> >> >>From: Mailing list for discussion of Firewall-1
> >> >>[mailto:[email protected]] On Behalf Of
> >> >>[email protected]
> >> >>Sent: Wednesday, December 12, 2001 2:21 PM
> >> >>To: [email protected]
> >> >>Subject: [FW-1] SDL & windows 2000
> >> >>
> >> >>
> >> >>Hi,
> >> >>does anybody know if SDL is supported on windows 2000?
> >> >>
> >> >>
> >> >>Regards,
> >> >>Egonle
> >> >>--
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>__________________________________________________________________
> >> >>Your favorite stores, helpful shopping tools and great gift ideas.
> >> >>Experience the convenience of buying online with Shop@Netscape!
> >> >>http://shopnow.netscape.com/
> >> >>
> >> >>Get your own FREE, personal Netscape Mail account today at
> >> >>http://webmail.netscape.com/
> >> >>
> >> >>=================================================
> >> >>To unsubscribe from this mailing list,
> >> >>please see the instructions at
> >> >>http://www.checkpoint.com/services/mailing.html
> >> >>=================================================
> >> >>To set vacation, Out Of Office, or away messages,
> >> >>send an email to [email protected]
> >> >>in the BODY of the email add:
> >> >>set fw-1-mailinglist nomail
> >> >>=================================================
> >> >>If you have any questions on how to change your
> >> >>subscription options, email Ron Alcatraz at:
[email protected]
> >> >
> >> >>=================================================
> >> >>
> >> >>=================================================
> >> >>To unsubscribe from this mailing list,
> >> >>please see the instructions at
> >> >>http://www.checkpoint.com/services/mailing.html
> >> >>=================================================
> >> >>To set vacation, Out Of Office, or away messages,
> >> >>send an email to [email protected]
> >> >>in the BODY of the email add:
> >> >>set fw-1-mailinglist nomail
> >> >>=================================================
> >> >>If you have any questions on how to change your
> >> >>subscription options, email Ron Alcatraz at:
[email protected]
> >> >
> >> >>=================================================
> >> >>
> >> >--
> >> >
> >> >
> >> >
> >> >
> >> >__________________________________________________________________
> >> >Your favorite stores, helpful shopping tools and great gift ideas.
> >> >Experience the convenience of buying online with Shop@Netscape!
> >> >http://shopnow.netscape.com/
> >> >
> >> >Get your own FREE, personal Netscape Mail account today at
> >> >http://webmail.netscape.com/
> >> >
> >> >=================================================
> >> >To unsubscribe from this mailing list,
> >> >please see the instructions at
> >> >http://www.checkpoint.com/services/mailing.html
> >> >=================================================
> >> >To set vacation, Out Of Office, or away messages,
> >> >send an email to [email protected]
> >> >in the BODY of the email add:
> >> >set fw-1-mailinglist nomail
> >> >=================================================
> >> >If you have any questions on how to change your
> >> >subscription options, email Ron Alcatraz at:
[email protected]
> >> >=================================================
> >> >
> >> >=================================================
> >> >To unsubscribe from this mailing list,
> >> >please see the instructions at
> >> >http://www.checkpoint.com/services/mailing.html
> >> >=================================================
> >> >To set vacation, Out Of Office, or away messages,
> >> >send an email to [email protected]
> >> >in the BODY of the email add:
> >> >set fw-1-mailinglist nomail
> >> >=================================================
> >> >If you have any questions on how to change your
> >> >subscription options, email Ron Alcatraz at:
[email protected]
> >> >=================================================
> >> >
> >> >=================================================
> >> >To unsubscribe from this mailing list,
> >> >please see the instructions at
> >> >http://www.checkpoint.com/services/mailing.html
> >> >=================================================
> >> >To set vacation, Out Of Office, or away messages,
> >> >send an email to [email protected]
> >> >in the BODY of the email add:
> >> >set fw-1-mailinglist nomail
> >> >=================================================
> >> >If you have any questions on how to change your
> >> >subscription options, email Ron Alcatraz at:
> >> >[email protected]
> >> >=================================================
> >> >
> >> >=================================================
> >> >To unsubscribe from this mailing list,
> >> >please see the instructions at
> >> >http://www.checkpoint.com/services/mailing.html
> >> >=================================================
> >> >To set vacation, Out Of Office, or away messages,
> >> >send an email to [email protected]
> >> >in the BODY of the email add:
> >> >set fw-1-mailinglist nomail
> >> >=================================================
> >> >If you have any questions on how to change your
> >> >subscription options, email Ron Alcatraz at:
> >> >[email protected]
> >> >=================================================
> >> >
> >> --
> >>
> >>
> >>
> >>
> >> __________________________________________________________________
> >> Your favorite stores, helpful shopping tools and great gift ideas.
> >Experience the convenience of buying online with Shop@Netscape!
> >http://shopnow.netscape.com/
> >>
> >> Get your own FREE, personal Netscape Mail account today at
> >http://webmail.netscape.com/
> >>
> >> =================================================
> >> To unsubscribe from this mailing list,
> >> please see the instructions at
> >> http://www.checkpoint.com/services/mailing.html
> >> =================================================
> >> To set vacation, Out Of Office, or away messages,
> >> send an email to [email protected]
> >> in the BODY of the email add:
> >> set fw-1-mailinglist nomail
> >> =================================================
> >> If you have any questions on how to change your
> >> subscription options, email Ron Alcatraz at:
> >> [email protected]
> >> =================================================
> >
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >To set vacation, Out Of Office, or away messages,
> >send an email to [email protected]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email Ron Alcatraz at:
> >[email protected]
> >=================================================
> >
> --
>
>
>
>
> __________________________________________________________________
> Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/
>
> Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
>
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> If you have any questions on how to change your
> subscription options, email Ron Alcatraz at:
> [email protected]
> =================================================

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================
References:
- Re: [FW-1] SDL & windows 2000
  - From: [email protected]
Prev by Date: Re: [FW-1] Log files
Next by Date: Re: [FW-1] Content-Encoding
Previous by thread: Re: [FW-1] SDL & windows 2000
Next by thread: Re: [FW-1] SDL & windows 2000
Index(es):
- Date
- Thread