
Re: [FW-1] Active Directory Authentication



OK... but how can I set rules based on user groups? I cannot do that
with RADIUS. The only way to do that is using Account Manager
integrating an LDAP or AD with the firewall.

Am I right?

L.

On Thu, 2003-10-09 at 09:42, Lars Troen wrote:
> Yes, you need an extra license in order to use LDAP while Radius and Tacacs come for free.
>
> Lars
>
>       -----Original Message-----
>       From: Leonardo Boulton [mailto:[email protected]]
>       Sent: Thu 09-Oct-03 2:47 PM
>       To: [email protected]
>       Cc:
>       Subject: Re: [FW-1] Active Directory Authentication
>
>
>
>       Don't you need a special license for that? (Account Management).
>
>       Can you query an AD server without such a license? Maybe using Radius?
>
>       L.
>
>       On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote:
>       > If you just want to use AD for SecuRemote connections, create the LDAP
>       > connection with appropriate settings and then assign a user via LDAP.  I
>       > have heard rumors that the performance on LDAP sucks, but I have not tested
>       > it yet...no active directory yet :(
>       >
>       > I'm using Cisco's Access Control Server 3.1 at the moment because we are
>       > providing LEAP wireless authentication as well through them.  Windows Server
>       > has IAS, Internet Authentication Server, which is easy to set up as well if
>       > you wanted to go the RADIUS route.
>       >
>       > Derek
>       >
>       > -----Original Message-----
>       > From: David Crowfoot [mailto:[email protected]]
>       > Sent: Wednesday, October 08, 2003 6:21 PM
>       > To: [email protected]
>       > Subject: Re: [FW-1] Active Directory Authentication
>       >
>       > I had this setup and working before.  I did not extend the schema or use
>       > radius services.  Let me look up my notes, and recreate the setup.  I
>       > was using it for secureclient.
>       >
>       > Dave Crowfoot
>       > www.works4me.com
>       >
>       >
>       > >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>>
>       > Hi,
>       >
>       > I'd like to connect a Checkpoint NG-AI to a Microsoft
>       > Active Directory such that it uses the AD user database
>       > without further user management:
>       >
>       > I'm querying the AD as a LDAP user group which
>       > works well to find the user. But how can the
>       > Checkpoint verify the password given by the user?
>       >
>       >
>       > One solution would be to extend the LDAP Schema and
>       > to store the FW-1 passwords on the LDAP server, but that's
>       > not desired. There should be no further passwords, just the
>       > passwords the users use to login at the Windows machines.
>       >
>       >
>       > Another solution would be to configure the Checkpoint to
>       > query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it?
>       >
>       > So what's the simplest way to allow users to authenticate against
>       > the Checkpoint (user auth/secure client) with the same password they
>       > use at their windows machines?
>       >
>       > regards
>       > Hadmut
>       >
>       > =================================================
>       > To set vacation, Out-Of-Office, or away messages,
>       > send an email to [email protected]
>       > in the BODY of the email add:
>       > set fw-1-mailinglist nomail
>       > =================================================
>       > To unsubscribe from this mailing list,
>       > please see the instructions at
>       > http://www.checkpoint.com/services/mailing.html
>       > =================================================
>       > If you have any questions on how to change your
>       > subscription options, email
>       > [email protected]
>       > =================================================
>       >
>
>




 
   All contents © 2004 Network Presence, LLC. All rights reserved.