
Re: [FW-1] NG FP2 and SecurID Authentification



Hi Horst,

Two things to try :-

1. Install the RSA Client onto the RSA Server and try to authenticate locally.
   If the RSA Client does authenticate using the SecurID token then you have an
   RSA Server/Firewall issue.
   If the RSA Client does NOT authenticate using the SecurID token then do step 2.

2. Configure a Password for a user and then authenticate locally as above, then
   test a password with the client with the Firewall cluster. If both work then
   you have an RSA Server/Token issue, in that the Ace Server cannot calculate
   the passcode generated by the token.

The token generates a passcode which is generated from time and a secret
code embedded in the token. The Ace Server knows the secret code
embedded in the token and so can calculate the passcode generated by the
token. If by setting a password the authentication works, then the
problem could be the Ace Server has the incorrect secret codes for the
token that you have.

Try setting the token to New PIN Mode and see if you can set the PIN for
a user; you may find you can but then cannot re-authenticate.

Regards

Russell

Horst Moll wrote:
>
> Hi folks,
>
> I'm trying to authenticate users directly on an RSA server using the SecurID
> protocol instead of authenticating them on the firewall cluster directly.
> I followed the configuration manual provided by Check Point, but it still
> doesn't work.
> Currently I can see that there is communication between the firewall
> cluster and the RSA server, but the RSA server still brings the error
> message: Acess Denied - WRONG passcode!
> OK, that means the servers communicate, but they are not talking the
> same language!
> Does anyone have an idea how I can find out more about what's going wrong? Or does
> anyone have an idea how to solve my problem?
> :-)Horst
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
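
Added example, not part of the original thread: a sketch of why a wrong seed record on the server produces a "wrong passcode" result even when the firewall-to-server path is healthy, and how that differs from a token whose clock has drifted. The SecurID algorithm is proprietary, so the open RFC 6238 time-based code is used as a stand-in; the seeds, timestamps, 60-second step and window sizes are constructed assumptions.

```python
import hashlib
import hmac
import struct

def passcode(seed: bytes, t: int, step: int = 60, digits: int = 8) -> str:
    """Time-based code per RFC 6238 (stand-in; not the SecurID algorithm)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def diagnose(server_seed, submitted, server_time, step=60, window=1, search=30):
    """Classify a submitted code against the server's seed record.

    window: steps of skew the server tolerates; search: steps scanned when
    troubleshooting (both values are assumptions for illustration).
    """
    # Try the closest time steps first so the smallest drift is reported.
    for drift in sorted(range(-search, search + 1), key=abs):
        expected = passcode(server_seed, server_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):
            return ("accepted" if abs(drift) <= window else "clock_drift", drift)
    # No time step reproduces the code: the server's seed is not the token's.
    return ("seed_mismatch", None)

# Constructed sample values, not taken from the thread.
TOKEN_SEED = b"constructed-token-seed-0001"
WRONG_RECORD = b"constructed-token-seed-0002"   # server holds another token's seed
NOW = 1_700_000_000

if __name__ == "__main__":
    code = passcode(TOKEN_SEED, NOW)
    print(diagnose(TOKEN_SEED, code, NOW))       # matching seed, same clock
    late = passcode(TOKEN_SEED, NOW + 5 * 60)
    print(diagnose(TOKEN_SEED, late, NOW))       # token clock 5 steps ahead
    print(diagnose(WRONG_RECORD, code, NOW))     # wrong seed record on server
```

A password-only login succeeding while every token code lands in the mismatch case is the pattern the reply above attributes to incorrect seed records.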
