
[FW-1] ldap authentication ok in ftp but not in http



Hi guys,

I've got some weird behavior here or I might be wrong when I supply the
username. Anyways, here it is.

I got openldap 1.2 running. I am able to establish an ftp connection to an ftp
server (wuftpsvr) behind the Check Point.
I have a rule in number which says:

source       |  destination   |  service      | action
ldapusers   |  wuftpsvr     |  ftp & http  | user auth

snipped from my ftp session--
------------------------------
C:\>ftp 192.168.0.123
Connected to 192.168.0.123.
220 aftpd: Check Point FireWall-1 Secure FTP server running on debian
User (192.168.0.123:(none)): ronneil
331-aftpd:
User DN     : CN=RONNEIL R CAMARA,DC=REMINGTONLTD,DC=COM
Account unit: openldap12
331 aftpd: FireWall-1 password: you can use password@FW-1-password
Password:
230-aftpd: User ronneil authenticated by FireWall-1 authentication
230-aftpd: Connected to 192.168.0.123. Logging in...
230-aftpd: 220 dev-fw1 FTP server (Version wu-2.6.1(1) Wed Aug 9 05:54:50 EDT 2000) ready.
230-aftpd: 331 Password required for ronneil.
230 aftpd: 230 User ronneil logged in.


But if I try to browse the website of wuftpsvr, I am prompted for a username
and password, but supplying the username and password gets me rejected.

This is what I see in my Internet Explorer:

Error 401
FW-1 at debian: Unauthorized to access the document.

Authorization is needed for FW-1.

The authentication required by FW-1 for ronneil is: FW-1 password.

Reason for failure of last attempt: Access denied by FireWall-1 authentication

And on Firewall Logs, it says:
reason Not allowed by rulebase resource http://192.168.0.23:80

Any ideas?

Thanks.

Neil

   All contents © 2004 Network Presence, LLC. All rights reserved.