Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Active Directory Authentication

To: [email protected]
Subject: Re: [FW-1] Active Directory Authentication
From: Leonardo Boulton <[email protected]>
Date: Thu, 9 Oct 2003 08:47:08 -0400
In-reply-to: <[email protected]>
Organization: Cybertech Projects
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Don't you need a especial license for that? (Account Management).

Can you query an AD server without such license?. Maybe using Radius?

L.

On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote:
> If you just want to use AD for SecuRemote connections, create the LDAP
> connection with appropriate settings and then assign a user via LDAP.  I
> have heard rumors that the performance on LDAP sucks, but I have not tested
> it yet...no active directory yet :(
>
> I'm using Cisco's Access Control Server 3.1 at the moment because we are
> providing LEAP wireless authentication as well through them.  Windows Server
> has IAS, Internat Authentication Server which is easy to setup as well if
> you wanted to go the RADIUS route.
>
> Derek
>
> -----Original Message-----
> From: David Crowfoot [mailto:[email protected]]
> Sent: Wednesday, October 08, 2003 6:21 PM
> To: [email protected]
> Subject: Re: [FW-1] Active Directory Authentication
>
> I had this setup and working before.  I did not extend the schema or use
> radius services.  Let me look up my notes, and recreate the setup.  I
> was using it for secureclient.
>
> Dave Crowfoot
> www.works4me.com
>>
>
> >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>>
> Hi,
>
> I'd like to connect a Checkpoint NG-AI to a Microsoft
> Active Directory such that it uses the AD user database
> without further user management:
>
> I'm querying the AD as a LDAP user group which
> works well to find the user. But how can the
> Checkpoint verify the password given by the user?
>
>
> One solution would be to extend the LDAP Schema and
> to store the FW-1 passwords on the LDAP server, but that's
> not desired. There should be no further passwords, just the
> passwords the users use to login at the Windows machines.
>
>
> Another solution would be to configure the Checkpoint to
> query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it?
>
> So what's the simplest way to allow users to authenticate against
> the Checkpoint (user auth/secure client) with the same password they
> use at their windows machines?
>
> regards
> Hadmut
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Active Directory Authentication
  - From: "O'Flynn, Derek" <[email protected]>

Prev by Date: Re: [FW-1] DMZ to trust zone
Next by Date: [FW-1] AW: [FW-1] Incomplete MAC address w/ NG AI cluster
Previous by thread: Re: [FW-1] Active Directory Authentication
Next by thread: Re: [FW-1] Active Directory Authentication
Index(es):
- Date
- Thread