Re: [FW-1] SecuRemote authentication over LDAP
On Thu, May 23, 2002 at 01:29:12PM +0200, Samuel Wuethrich wrote:
> Haven't looked through previous messages, but in the encryption scheme of
> every user object in the LDAP you'll find 'IKE' and there 'Password' and
> 'Certificates' checkboxes. Maybe you have to set a password there?

I'm using NG FP1, all on Sun boxes (except for M$ AD, of course). My target was to allow SecuRemote authentication against LDAP servers (one AD and one iPlanet). For several reasons I don't want to go over each LDAP entry and modify it to use the FW-1 enhanced scheme (that is, I need to manage all LDAP users using non-FW-1 mechanisms). According to the docs it is possible using templates (either LDAP templates or FW-1 user templates, and I tried both).

When SecuRemote asks for username and password, all is working perfectly OK when I enter the DN (i.e. uid=rramiega,dc=tdcinternet,dc=pl). When I enter only the uid value (i.e. rramiega), all I get is a "no pre-shared secret" error. There is no way I can define this using the FP1 GUI tools.

BTW, I also have a test user in iPlanet with all the FW-1 specific entries in his DN (even the IKE pre-shared secret or whatever it's called); still no go. I was looking at the iPlanet logs (does AD log anything anywhere??) and I see the firewall asking for the entry and getting results (in both cases: the one with the full DN and the one with only the uid value). It just somehow doesn't 'process' them properly.

I also verified that LDAP authentication works as expected using Client Auth (no matter if I authenticate as rramiega or as uid=rramiega,dc=tdcinternet,dc=pl, it does succeed).

Right now I'm slowly recreating (some of) my setup using FP2 to see if this will work as expected.

Hope my English is not that bad and someone can make anything from the above =o)

-- 
Robert Ramiega <[email protected]> RR282-RIPE
Security Team Leader | Systems Administrator
TDC Internet Polska SA | PDi Ltd