[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Radius/NT Groups
I have had good luck with IAS and Check Point. There is also support for groups, although I have not tried the following... Groups of RADIUS Users To create policy rules for groups of users which are not defined on the SmartCenter Server but are defined on a RADIUS server (including any RADIUS-compliant server like SecurId ACE/Server), proceed as follows: 1) Enable the feature by changing the value of the attribute add_radius_groups to true. This attribute is located under the firewall_properties object in the properties table. 2) Make sure that for each RADIUS server user has a profile that contains the attribute "Class" (or "Filter-Id" or any other RFC reply string attribute). The value of the attribute is the group which the user belongs to. In order to change "Class" to another attribute, modify the value of the firewall_properties attribute radius_groups_attr. 3) In the SmartDashboard, create a user group with the name "RAD_<group which the RADIUS users belong to>". The group may be empty. 4) Define a generic* user that uses this server for RADIUS authentication. Pedro Boavida wrote: > Hi, > > Is there workaround for authentication with radius/nt domain groups, > since its not currently functional ? > > TIA, > > Pedro Boavida Mailing list for discussion of Firewall-1 wrote: > I had the same situation at a customers, so we installed Internet > Authentication Service on a Win2k server that has access to the > Domain accounts - and then used the generic* user... > > it doesn't work very good though.. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|