
Re: [FW-1] SecuRemote authentication over LDAP



On Thu, May 23, 2002 at 01:29:12PM +0200, Samuel Wuethrich wrote:
> Haven't got looked through previous messages, but in the encryption scheme of
> every user object in the LDAP, you'll find 'IKE' and there 'Password' and
> 'Certificates' checkboxes. Maybe you have to set a password there?
 I'm using NG FP1 all on Sun boxes (except for M$ AD of course). My
target was to allow SecuRemote authentication against LDAP servers (one
AD and one iPlanet). For several reasons I don't want to go over each
LDAP entry and modify it to use the FW-1 enhanced scheme (that is, I need to
manage all LDAP users using non-FW-1 mechanisms). According to the docs it
is possible using templates (either LDAP templates or FW-1 user
templates, and I tried both). When SecuRemote asks for username and
password, all is working perfectly OK when I enter the DN (i.e.
uid=rramiega,dc=tdcinternet,dc=pl). When I enter only the uid value (i.e.
rramiega) all I get is a "no pre-shared secret" error. There is no way I
can define this using the FP1 GUI tools.
 BTW I also have a test user in iPlanet with all the FW-1 specific
entries in his DN (even IKE pre-shared or whatever it's called), still no
go.
 I was looking at iPlanet logs (does AD log anything anywhere??) and I
see the firewall asking for the entry and getting results (in both cases: the
one with the full DN and the one with only the uid value). It just somehow
doesn't 'process' them properly.
 I also verified that LDAP authentication works as expected using Client
Auth (no matter if I authenticate as rramiega or as
uid=rramiega,dc=tdcinternet,dc=pl, it does succeed).
 Right now I'm slowly recreating (some of) my setup using FP2 to see if
this will work as expected.

 Hope my English is not that bad and someone can make anything from the
above =o)

--
 Robert Ramiega  <[email protected]> RR282-RIPE
 Security Team Leader   | Systems Administrator
 TDC Internet Polska SA | PDi Ltd
