[FW-1] SecurID and FP3 addendum
I had something to add to the profiles section of my document:

Profiles

This is for authenticating to SecurID through RADIUS. A particularly useful aspect of this feature is the ability to have user groups on the firewall and RADIUS server and never having to add user accounts. This is accomplished by creating groups on FW-1 prefaced by "RAD_", e.g. RAD_support.

Another critical tip here: IF you did not import the RADIUS files during installation, you will have to do it now. The syntax to do this is:

    loadraddb "xyzzy" [dictionary] [mapfile]

    command    = loadraddb
    password   = hardcoded "xyzzy" (yes... really, this is the password.)
    dictionary = dictionary file (data/dictionary)
    securidmap = data/securidmap

Next you need to create profiles and assign them to users. This is how the ACE server will pass an attribute (like "Class") back to the firewall to let it know that the user "Bob" that attempted to authenticate via "generic*" belongs to the Support group, and should be allowed for the Support rules in the policy.

Go to Profiles and click Add (when you do this, a SecurID group is also created). Then assign it to a user. If your group structure is simple, this will not be hard, but if it's complex, i.e. many groups, you may end up creating a profile for each user and assigning it.