
Re: [FW-1] Radius/NT Groups


  • To: [email protected]
  • Subject: Re: [FW-1] Radius/NT Groups
  • From: "Steven J. Surdock, PE" <[email protected]>
  • Date: Thu, 24 Jul 2003 17:27:39 -0400
  • Importance: Normal
  • In-reply-to: <6111FD9C30F8F344A3DAF3886A0CFE4D696E4B@coleridge.internal.kalana.com>
  • Organization: Engineered Networks, LLC
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I have had good luck with IAS and Check Point.  There is also support
for groups, although I have not tried the following...

Groups of RADIUS Users

To create policy rules for groups of users which are
not defined on the SmartCenter Server but are defined on a RADIUS server
(including any RADIUS-compliant server like SecurId ACE/Server), proceed as
follows:

1) Enable the feature by changing the value of the attribute
add_radius_groups to true. This attribute is located under the
firewall_properties object in the properties table.
2) Make sure that each RADIUS server user has a profile that contains
the attribute "Class" (or "Filter-Id" or any other RFC reply string
attribute). The value of the attribute is the group which the user belongs
to. In order to change "Class" to another attribute, modify the value of the
firewall_properties attribute radius_groups_attr.
3) In the SmartDashboard, create a user group with the name "RAD_<group
which the RADIUS users belong to>". The group may be empty.
4) Define a generic* user that uses this server for RADIUS authentication.





Pedro Boavida wrote:
> Hi,
>
> Is there a workaround for authentication with RADIUS/NT domain groups,
> since it's not currently functional?
>
> TIA,
>
> Pedro Boavida

Mailing list for discussion of Firewall-1 wrote:
> I had the same situation at a customer's, so we installed Internet
> Authentication Service on a Win2k server that has access to the
> Domain accounts - and then used the generic* user...
>
> It doesn't work very well though.




 