Re: [FW-1] Active Directory Authentication
Yes, you need an extra license in order to use LDAP while Radius and Tacacs come for free.

Lars

-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: Thu 09-Oct-03 2:47 PM
To: [email protected]
Cc:
Subject: Re: [FW-1] Active Directory Authentication

Don't you need a special license for that? (Account Management).
Can you query an AD server without such license? Maybe using Radius?

L.

On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote:
> If you just want to use AD for SecuRemote connections, create the LDAP
> connection with appropriate settings and then assign a user via LDAP. I
> have heard rumors that the performance on LDAP sucks, but I have not tested
> it yet...no active directory yet :(
>
> I'm using Cisco's Access Control Server 3.1 at the moment because we are
> providing LEAP wireless authentication as well through them. Windows Server
> has IAS, Internet Authentication Server which is easy to set up as well if
> you wanted to go the RADIUS route.
>
> Derek
>
> -----Original Message-----
> From: David Crowfoot [mailto:[email protected]]
> Sent: Wednesday, October 08, 2003 6:21 PM
> To: [email protected]
> Subject: Re: [FW-1] Active Directory Authentication
>
> I had this set up and working before. I did not extend the schema or use
> radius services. Let me look up my notes, and recreate the setup. I
> was using it for secureclient.
>
> Dave Crowfoot
> www.works4me.com
>
> >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>>
> Hi,
>
> I'd like to connect a Checkpoint NG-AI to a Microsoft
> Active Directory such that it uses the AD user database
> without further user management:
>
> I'm querying the AD as an LDAP user group which
> works well to find the user. But how can the
> Checkpoint verify the password given by the user?
>
> One solution would be to extend the LDAP Schema and
> to store the FW-1 passwords on the LDAP server, but that's
> not desired. There should be no further passwords, just the
> passwords the users use to log in at the Windows machines.
>
> Another solution would be to configure the Checkpoint to
> query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it?
>
> So what's the simplest way to allow users to authenticate against
> the Checkpoint (user auth/secure client) with the same password they
> use at their Windows machines?
>
> regards
> Hadmut
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================