Re: [FW-1] Active Directory Authentication


  • To: [email protected]
  • Subject: Re: [FW-1] Active Directory Authentication
  • From: "Jarmoc, Jeff R." <[email protected]>
  • Date: Thu, 9 Oct 2003 14:43:26 -0500
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcOOnUESowpzcKkwS52RnyWtVvfgxgAACWlA
  • Thread-topic: [FW-1] Active Directory Authentication

Some RADIUS servers (Funk Software's Steel Belted RADIUS) will let you
determine which NT4 or AD accounts have access to RADIUS.  If you don't
need to use RADIUS for other purposes, ensure that the RADIUS server
will only authenticate people in a 'SecureClient users' group within AD.
Then to give someone's account SecureClient access, they need only have
their account added to this group.

Jeff Jarmoc - CCSA, CCNA, MCSE
Network Analyst - Grubb & [email protected]



-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: Thursday, October 09, 2003 2:13 PM
To: [email protected]

OK... but how can I set rules based on user groups? I cannot do that
with RADIUS. The only way to do that is using Account Manager
integrating an LDAP or AD with the firewall.

Am I right?

L.

On Thu, 2003-10-09 at 09:42, Lars Troen wrote:
> Yes, you need an extra license in order to use LDAP while Radius and
> Tacacs come for free.
>
> Lars
>
>       -----Original Message-----
>       From: Leonardo Boulton [mailto:[email protected]]
>       Sent: Thu 09-Oct-03 2:47 PM
>       To: [email protected]
>       Cc:
>       Subject: Re: [FW-1] Active Directory Authentication
>
>
>
>       Don't you need a special license for that? (Account
>       Management).
>
>       Can you query an AD server without such a license? Maybe using
>       Radius?
>
>       L.
>
>       On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote:
>       > If you just want to use AD for SecuRemote connections, create the LDAP
>       > connection with appropriate settings and then assign a user via LDAP.  I
>       > have heard rumors that the performance on LDAP sucks, but I have not tested
>       > it yet...no active directory yet :(
>       >
>       > I'm using Cisco's Access Control Server 3.1 at the moment because we are
>       > providing LEAP wireless authentication as well through them.  Windows Server
>       > has IAS, Internet Authentication Server, which is easy to set up as well if
>       > you wanted to go the RADIUS route.
>       >
>       > Derek
>       >
>       > -----Original Message-----
>       > From: David Crowfoot [mailto:[email protected]]
>       > Sent: Wednesday, October 08, 2003 6:21 PM
>       > To: [email protected]
>       > Subject: Re: [FW-1] Active Directory Authentication
>       >
>       > I had this setup and working before.  I did not extend the schema or use
>       > radius services.  Let me look up my notes, and recreate the setup.  I
>       > was using it for secureclient.
>       >
>       > Dave Crowfoot
>       > www.works4me.com
>       >
>       >
>       > >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>>
>       > Hi,
>       >
>       > I'd like to connect a Checkpoint NG-AI to a Microsoft
>       > Active Directory such that it uses the AD user database
>       > without further user management:
>       >
>       > I'm querying the AD as a LDAP user group which
>       > works well to find the user. But how can the
>       > Checkpoint verify the password given by the user?
>       >
>       >
>       > One solution would be to extend the LDAP Schema and
>       > to store the FW-1 passwords on the LDAP server, but that's
>       > not desired. There should be no further passwords, just the
>       > passwords the users use to login at the Windows machines.
>       >
>       >
>       > Another solution would be to configure the Checkpoint to
>       > query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it?
>       >
>       > So what's the simplest way to allow users to authenticate against
>       > the Checkpoint (user auth/secure client) with the same password they
>       > use at their windows machines?
>       >
>       > regards
>       > Hadmut
>       >
>       > =================================================
>       > To set vacation, Out-Of-Office, or away messages,
>       > send an email to [email protected]
>       > in the BODY of the email add:
>       > set fw-1-mailinglist nomail
>       > =================================================
>       > To unsubscribe from this mailing list,
>       > please see the instructions at
>       > http://www.checkpoint.com/services/mailing.html
>       > =================================================
>       > If you have any questions on how to change your
>       > subscription options, email
>       > [email protected]
>       > =================================================
>       >
>
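
Added example, not part of the original thread or any poster's configuration: a minimal RFC 2865 exchange in which the firewall sends the user's Windows password to a RADIUS server, and the server accepts only when the password is correct and the account is in the 'SecureClient users' group. The shared secret, user names, passwords and the `DIRECTORY` table are constructed stand-ins for the AD lookup.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # constructed firewall/RADIUS shared secret
GROUP = "SecureClient users"            # group name suggested in the thread
DIRECTORY = {                           # constructed stand-in for the AD lookup
    "alice": {"password": b"Winter-2003", "groups": {"SecureClient users"}},
    "bob": {"password": b"Autumn-2003", "groups": {"Domain Users"}},
}

def hide(data, authenticator, decrypt=False):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with chained MD5 pads."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(SECRET + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (block if decrypt else res)
    return out

def access_request(user, password, ident=1):
    """Firewall side: Access-Request (code 1) with User-Name and User-Password."""
    auth = os.urandom(16)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden = hide(padded, auth)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs

def radius_server(packet):
    """Server side: accept only a correct password AND membership in GROUP."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    auth, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    entry = DIRECTORY.get(attrs[1].decode())
    password = hide(attrs[2], auth, decrypt=True).rstrip(b"\x00")
    ok = (entry is not None and hmac.compare_digest(password, entry["password"])
          and GROUP in entry["groups"])
    header = struct.pack("!BBH", 2 if ok else 3, ident, 20)
    return header + hashlib.md5(header + auth + SECRET).digest()

def authenticate(user, password):
    """Full exchange; the firewall also verifies the Response Authenticator."""
    request = access_request(user.encode(), password.encode())
    reply = radius_server(request)
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + SECRET).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "invalid-reply"
    return "Access-Accept" if reply[0] == 2 else "Access-Reject"
```

The password is only obscured with MD5 and the shared secret on the wire, so the secret should be long and random and the firewall-to-RADIUS path kept on a trusted segment.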