[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] How to use MS IAS (on w2k with Active Directory) to authenticate SecureRemote client?
I followed this list and found some instructions but I
still can't make it works.
I'm using CPFW NG FP2 on Linux
I have installed IAS, and configure 2 clients (one
each for both IPs of the FW).
I use CHAP authentication on the IAS. How I do that:
Remote Access Policies->Allow access if dial-in
permission is enabled <double click> Edit Profile ->
auth tab -> check CHAP
Grant dial-in access in AD for users
Setup a RADIUS object on the firewall
(manage/servers/New/Radius Server).
Make a rule on the firewall that accepts the RADIUS
protocol between FW and IAS
create a FW user named "generic*" and use Radius as
auth method.
create a group called vpn-grp and include generic*
user in it.
create a rule: vpn-grp@Any->LAN->Any Service ->
Session Auth
Configuration at client side:
Fw-1 auth agent
SecureRemote
When I tried to ping from client to LAN, I will be
prompt to enter userid and password by SecureRemote. I
enter username of generic* and a password from one of
the users on the W2K(I know it sounds stupid), I
failed to be authenticated.
What are the steps i have missed?
chan
__________________________________________________
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================