[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Active Directory Authentication
I've never set it up but AD certainly does work with Radius, i.e. IAS. You could of course use a Windows certificate server. BR Rob |---------+--------------------------------------------> | | Hadmut Danisch | | | <[email protected]> | | | Sent by: Mailing list for | | | discussion of Firewall-1 | | | <[email protected]| | | KPOINT.COM> | | | | | | | | | 08/10/2003 21:24 | | | Please respond to Mailing list | | | for discussion of Firewall-1 | | | | |---------+--------------------------------------------> >----------------------------------------------------------------------------------------------| | | | To: [email protected] | | cc: | | Subject: [FW-1] Active Directory Authentication | >----------------------------------------------------------------------------------------------| Hi, I'd like to connect a Checkpoint NG-AI to a Microsoft Active Directory such that it uses the AD user database without further user management: I'm querying the AD as a LDAP user group which works well to find the user. But how can the Checkpoint verify the password given by the user? One solution would be to extend the LDAP Schema and to store the FW-1 passwords on the LDAP server, but that's not desired. There should be no further passwords, just the passwords the users use to login at the Windows machines. Another solution would be to configure the Checkpoint to query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it? So what's the simplest way to allow users to authenticate against the Checkpoint (user auth/secure client) with the same password they use at their windows machines? regards Hadmut ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ********************************************************************** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([email protected]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ********************************************************************** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ********************************************************************** ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|