[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] LDAP authentication for securemote



Title: Message
Hi Sidharth,
 
I had a problem similar to your's and the only solution i found was to upgrade from FP2 to FP3, the think is if you are logging user access atempts you will never see a "Login" log of your user and there for the external users will not be recognised by the firewall although you get the message "User authenticated...".
 
As far as i know this problems may occur during the upgrade from 4.1 to NG FP2, it may be a bug or something, or in my humble opinion the script for upgrading, CP as developed, is not fully functional.
Please check in your logs you should get at least three entries during your authentication: Fw-topo; IKE; and Login if you don't see any "Login" log you are surely going through what i had before the upgrade.
 
Reply if you have any more questions.
 
Regards,
 
Carlos Santos
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Sidharth Bhadani
Sent: domingo, 1 de Dezembro de 2002 13:09
To: [email protected]
Subject: [FW-1] LDAP authentication for securemote

Hi all ,

 

I have a problem regarding securemote users being authenticated by ldap. I need your expertise in a problem which I am facing. I will be thankful if anyone of you could help me on this . I am using the document “Configuring Microsoft AD to work with FP2.pdf” for configuring LDAP integration with checkpoint NG FP2.

 

Now the issue is that when I connect using securemote I can use a ldap user to authenticate. I get a response saying “user authenticated by the firewall” but when I try to connect to internal resources it fails, even though my rule base allows an external group user which is bound to the ldap server to access internal recourses. I suspect that checkpoint is not recognizing the external group users which is bound to the ldap unit.. Could anyone tell me what I am doing wrong?

 

Appreciate any pointers.

 

Thanks and regards

Sid