
Re: [FW-1] Active Directory Authentication


  • To: [email protected]
  • Subject: Re: [FW-1] Active Directory Authentication
  • From: Lars Troen <[email protected]>
  • Date: Thu, 9 Oct 2003 15:42:21 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcOOZZ92wcxfqdEuRwmS7lPCn3nhGQABW/c6
  • Thread-topic: [FW-1] Active Directory Authentication

Yes, you need an extra license in order to use LDAP, while Radius and Tacacs come for free.
 
Lars

	-----Original Message----- 
	From: Leonardo Boulton [mailto:[email protected]] 
	Sent: Thu 09-Oct-03 2:47 PM 
	To: [email protected] 
	Cc: 
	Subject: Re: [FW-1] Active Directory Authentication
	
	

	Don't you need a special license for that? (Account Management).
	
	Can you query an AD server without such a license? Maybe using Radius?
	
	L.
	
	On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote:
	> If you just want to use AD for SecuRemote connections, create the LDAP
	> connection with appropriate settings and then assign a user via LDAP.  I
	> have heard rumors that the performance on LDAP sucks, but I have not tested
	> it yet...no active directory yet :(
	>
	> I'm using Cisco's Access Control Server 3.1 at the moment because we are
	> providing LEAP wireless authentication as well through them.  Windows Server
	> has IAS, Internet Authentication Server which is easy to set up as well if
	> you wanted to go the RADIUS route.
	>
	> Derek
	>
	> -----Original Message-----
	> From: David Crowfoot [mailto:[email protected]]
	> Sent: Wednesday, October 08, 2003 6:21 PM
	> To: [email protected]
	> Subject: Re: [FW-1] Active Directory Authentication
	>
	> I had this setup and working before.  I did not extend the schema or use
	> radius services.  Let me look up my notes, and recreate the setup.  I
	> was using it for secureclient.
	>
	> Dave Crowfoot
	> www.works4me.com
	>>
	>
	> >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>>
	> Hi,
	>
	> I'd like to connect a Checkpoint NG-AI to a Microsoft
	> Active Directory such that it uses the AD user database
	> without further user management:
	>
	> I'm querying the AD as a LDAP user group which
	> works well to find the user. But how can the
	> Checkpoint verify the password given by the user?
	>
	>
	> One solution would be to extend the LDAP Schema and
	> to store the FW-1 passwords on the LDAP server, but that's
	> not desired. There should be no further passwords, just the
	> passwords the users use to login at the Windows machines.
	>
	>
	> Another solution would be to configure the Checkpoint to
	> query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it?
	>
	> So what's the simplest way to allow users to authenticate against
	> the Checkpoint (user auth/secure client) with the same password they
	> use at their windows machines?
	>
	> regards
	> Hadmut
	>
	> =================================================
	> To set vacation, Out-Of-Office, or away messages,
	> send an email to [email protected]
	> in the BODY of the email add:
	> set fw-1-mailinglist nomail
	> =================================================
	> To unsubscribe from this mailing list,
	> please see the instructions at
	> http://www.checkpoint.com/services/mailing.html
	> =================================================
	> If you have any questions on how to change your
	> subscription options, email
	> [email protected]
	> =================================================
	>
	



 
   All contents © 2004 Network Presence, LLC. All rights reserved.