Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Radius Server Not Responding

To: [email protected]
Subject: Re: [FW-1] Radius Server Not Responding
From: Bitored <[email protected]>
Date: Mon, 8 Sep 2003 15:26:34 +1000
In-reply-to: <37FE1D2B6D463446BA919F7F6EBB3AC50277F83D@uscliexchange2.caselogic.com>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Jim,

Found the gui dbedit and it fixed my problem.

Thank you very your help.


 --- "Brown, Jim" <[email protected]> wrote: >
The RADIUS server (CiscoACS) is sending back an
> attribute outside those
> defined in the RFC. You need to configure the
> firewall to ignore the
> attribute.
>
> Here are the notes from my Repair Ticket:
>
> Some additional research over the weekend confirmed
> the issue with
> attribute 88. By design the firewall will reject any
> RADIUS accept
> packet if it contains an attribute outside those
> listed in the RFC. It
> will not simply ignore any "vendor specific"
> attribute.
> http://www.faqs.org/rfcs/rfc2138.html
>
> There are several knowledge base articles on the
> CheckPoint site
> referring to this issue. The articles were searched
> on keywords of
> "RADIUS and attributes". The articles were primarily
> written using
> information from version 4.1 and apply mostly in
> concept to NG. There is
> a log file in the log directory which will identify
> the offending
> attribute. The log file listed in the knowledge base
> article is
> incorrect. There is a configuration of the objects.C
> file specify RADIUS
> attributes to ignore.
>
> The change in behavior between version 3.1 and
> version 3.0 of the ACS
> server must include the transmission of attribute 88
> using our
> configuration.
>
> I plan on making modifications to the objects.C file
> today and updating
> the ACS server to its original configuration in
> version 3.1 prior to the
> outage on Friday.
>
> 3/19/03 JBB
> Downloaded a GUI DBEdit utility from  CheckPoint and
> made the
> ignore_radius modification to the objects.c file.
> This should fix the
> radius problem.
>
> -----Original Message-----
> From: Bitored [mailto:[email protected]]
> Sent: Thursday, September 04, 2003 8:09 PM
> To: [email protected]
> Subject: [FW-1] Radius Server Not Responding
>
>
> I have a problem with authenticating to Cisco Secure
> 3.2.
>
> Even though i enter the correct username and
> password
> combination the firewall (NG AI) logs the request as
> "Radius Server not responding". In the Cisco Secure
> log i can see the auth attempt was successful.
>
> I have noticed that the group settings of my cisco
> secure groups i have an "ip address assignment" of
> "Assigned from AAA Client pool " when i try to
> authenticate a user to the firewall (which passes
> the
> radius authentication request to Cisco Secure 3.2)
> it
> fails. When i set this setting to "No ip address
> assignment iot works".
>
> Obviously i need this setting for my dialup users
> who
> get assigned an ip address. Because a user
> can only belong to 1 group this setting must be set
> for when he/she dials in a gets an ip address.
> This worked fine in 3.0(1) Build 40. I have searched
> cisco tac and cannot see a similiar problem
>
> Has anyone seen this or found a work around.
>
>
> http://search.yahoo.com.au - Yahoo! Search
> - Looking for more? Try the new Yahoo! Search
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

http://search.yahoo.com.au - Yahoo! Search
- Looking for more? Try the new Yahoo! Search

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Radius Server Not Responding
  - From: "Brown, Jim" <[email protected]>

Prev by Date: [FW-1]
Next by Date: Re: [FW-1] Can objects_5_0.C be modified manually and where to download guid bedit tool for FP2 on Nokia.
Previous by thread: Re: [FW-1] Radius Server Not Responding
Next by thread: [FW-1] TCP connectivity errors
Index(es):
- Date
- Thread