[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] radius help
Norman, Could it be spoofing?? -- Chris Tidwell Central Region Security Engineer Check Point Software Technologies(V)(F) http://www.checkpoint.com WE SECURE THE INTERNET * VPN-1 SecuRemote Demo: http://www.checkpoint.com/vpndemo/ * Check Point Partner Email: http://www.checkpoint.com/partners/list.html * Technical Support Knowledge Base: http://support.checkpoint.com/kb/index.html * Help Desk: http://www.checkpoint.com/operations/ * Public Support Site: http://www.checkpoint.com/techsupport/index.html * Public Configuration Documents: http://support.checkpoint.com/service/publisher.asp * Healthcare Security Information Center: http://www.checkpoint.com/products/hipaa/ ______________________________________ This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Friday, March 7, 2003, 10:06:26 AM, you wrote: NZ> Hi, NZ> I have done some further troubleshooting. I see the RAIDUS packets from port NZ> 1645 that originate from firewall to RADIUS server received reject. But NZ> behind the LAN on a different machine in the same subnet, I received accept. NZ> My firewall is set to allow outgoing traffic. Are there other properties NZ> that I need to set in NG FP3? NZ> Regards, NZ> Norman NZ> ----- Original Message ----- NZ> From: "Norman Zhang" <[email protected]> NZ> To: <[email protected]> NZ> Sent: Monday, March 03, 2003 5:45 PM NZ> Subject: [FW-1] radius help NZ> Hi, NZ> I had this working in 4.1 but I can't get RADIUS to work in NG FP3. I NZ> installed IAS from NT 4.0 Option Pack then applied midcamp.exe and NZ> iassp6-x86.exe from MS. NZ> My firewall rule is localusers@LAN -->>any-->any-->http-->user authentication NZ> The RADIUS clients file is setup as NZ> FWIntIP mySecret NZ> and users as NZ> DEFAULT NZ> Internal-Proxy-Server = "DLL C:\Program Files\IAS\authsam.dll" NZ> Framed-Protocol = PPP NZ> Framed-Routing = Send NZ> Service-Type = Framed NZ> Event Viewer displays the following with Event ID: 8207, Source: AuthSrv, NZ> Type: Warning, Category: Malformed Packet NZ> Unknown Client: Source = FWIntIP:2912 NZ> Code = Access-Request NZ> Identifier = 64 NZ> User-Name = InternalUser NZ> Password = ****** NZ> Service-Type = Authenticate-Only NZ> NAS-IP-Address = FwExtIP NZ> Would someone please give some pointers here? NZ> Regards, NZ> Norman NZ> --- NZ> Hi, NZ> I have a RADIUS on a NT 4.0 BDC. I need to able to authenticate NG FP3 with NZ> the RADIUS, but I seem to forget what settings that I need to change the NZ> users file. I tried to follow, NZ> DEFAULT Auth-Type = System, User-Service-Type = Login-User NZ> as described in NZ> http://www.phoneboy.com/fom/fom.pl?_highlightWords=radius&file=435. But NZ> those two attributes does not seem to exist in RADIUS (I'm using the one NZ> came with NT 4.0 Option Pack (with appropriate fixes). Does anyone remember NZ> what I need to change in the configuration file to get this working? NZ> ================================================= NZ> To set vacation, Out Of Office, or away messages, NZ> send an email to [email protected] NZ> in the BODY of the email add: NZ> set fw-1-mailinglist nomail NZ> ================================================= NZ> To unsubscribe from this mailing list, NZ> please see the instructions at NZ> http://www.checkpoint.com/services/mailing.html NZ> ================================================= NZ> If you have any questions on how to change your NZ> subscription options, email NZ> [email protected] NZ> ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|