Re: [FW-1] Active Directory Authentication
Some RADIUS servers (Funk Software's Steel Belted RADIUS) will let you determine which NT4 or AD accounts have access to RADIUS. If you don't need to use RADIUS for other purposes, ensure that the RADIUS server will only authenticate people in a 'SecureClient users' group within AD. Then to give someone's account SecureClient access, they need only have their account added to this group.

Jeff Jarmoc - CCSA, CCNA, MCSE
Network Analyst - Grubb & [email protected]

-----Original Message-----
From: Leonardo Boulton [mailto:[email protected]]
Sent: Thursday, October 09, 2003 2:13 PM
To: [email protected]

OK... but how can I set rules based on user groups? I cannot do that with RADIUS. The only way to do that is using Account Manager integrating an LDAP or AD with the firewall. Am I right?

L.

On Thu, 2003-10-09 at 09:42, Lars Troen wrote:
> Yes, you need an extra license in order to use LDAP while Radius and Tacacs come for free.
>
> Lars
>
> -----Original Message-----
> From: Leonardo Boulton [mailto:[email protected]]
> Sent: Thu 09-Oct-03 2:47 PM
> To: [email protected]
> Cc:
> Subject: Re: [FW-1] Active Directory Authentication
>
> Don't you need a special license for that? (Account Management).
>
> Can you query an AD server without such license? Maybe using Radius?
>
> L.
>
> On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote:
> > If you just want to use AD for SecuRemote connections, create the LDAP
> > connection with appropriate settings and then assign a user via LDAP. I
> > have heard rumors that the performance on LDAP sucks, but I have not tested
> > it yet...no active directory yet :(
> >
> > I'm using Cisco's Access Control Server 3.1 at the moment because we are
> > providing LEAP wireless authentication as well through them. Windows Server
> > has IAS, Internet Authentication Server which is easy to set up as well if
> > you wanted to go the RADIUS route.
> >
> > Derek
> >
> > -----Original Message-----
> > From: David Crowfoot [mailto:[email protected]]
> > Sent: Wednesday, October 08, 2003 6:21 PM
> > To: [email protected]
> > Subject: Re: [FW-1] Active Directory Authentication
> >
> > I had this setup and working before. I did not extend the schema or use
> > radius services. Let me look up my notes, and recreate the setup. I
> > was using it for secureclient.
> >
> > Dave Crowfoot
> > www.works4me.com
> >
> > >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>>
> > Hi,
> >
> > I'd like to connect a Checkpoint NG-AI to a Microsoft
> > Active Directory such that it uses the AD user database
> > without further user management:
> >
> > I'm querying the AD as a LDAP user group which
> > works well to find the user. But how can the
> > Checkpoint verify the password given by the user?
> >
> > One solution would be to extend the LDAP Schema and
> > to store the FW-1 passwords on the LDAP server, but that's
> > not desired. There should be no further passwords, just the
> > passwords the users use to login at the Windows machines.
> >
> > Another solution would be to configure the Checkpoint to
> > query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it?
> >
> > So what's the simplest way to allow users to authenticate against
> > the Checkpoint (user auth/secure client) with the same password they
> > use at their windows machines?
> >
> > regards
> > Hadmut
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
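
The group-gated access suggested in the reply at the top of this thread (authenticate only members of a 'SecureClient users' group), shown as an added Python example that is not from any poster and is not Steel Belted RADIUS or Check Point configuration. It goes one step further than the thread by covering nested groups and filter escaping; the DNs, the `example.com` domain, the in-memory directory and the use of Active Directory's transitive matching rule are all assumptions made for illustration.

```python
# Added example: names, DNs and directory entries below are constructed.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule: transitive (nested) membership
VPN_GROUP = "CN=SecureClient users,OU=Groups,DC=example,DC=com"  # assumed DN

# Constructed directory: DN -> DNs of groups the entry is a direct member of.
DIRECTORY = {
    "CN=alice,OU=Staff,DC=example,DC=com": ["CN=Remote Staff,OU=Groups,DC=example,DC=com"],
    "CN=bob,OU=Staff,DC=example,DC=com": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
    "CN=Remote Staff,OU=Groups,DC=example,DC=com": [VPN_GROUP],
    VPN_GROUP: ["CN=Remote Staff,OU=Groups,DC=example,DC=com"],  # deliberate loop
}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def build_access_filter(username, group_dn=VPN_GROUP):
    """Filter matching this user only if they are in the group, directly or nested."""
    return "(&(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(username), IN_CHAIN, escape_filter_value(group_dn))


def is_member(entry_dn, group_dn, directory):
    """Transitive membership check with loop protection; unknown DNs fail closed."""
    target = group_dn.lower()
    index = {dn.lower(): [g.lower() for g in groups] for dn, groups in directory.items()}
    seen, stack = set(), [entry_dn.lower()]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue  # already visited: group loops must not hang the check
        seen.add(dn)
        for parent in index.get(dn, []):
            if parent == target:
                return True
            stack.append(parent)
    return False
```

A plain `memberOf=` comparison sees only direct membership, so a user who reaches the access group through another group would be refused unless the check is transitive.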