[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Active Directory Authentication
I will have my docs rewritten tomorrow for this if anyone is interested in them Dave Crowfoot www.works4me.com>>> [email protected] Thursday, October 09, 2003 12:13:21 PM >>> OK... but how can I set rules based on user groups?. I cannot do that with RADIUS. The only way to do that is using Account Manager integrating an LDAP or AD with the firewall. Am I Right?. L. On Thu, 2003-10-09 at 09:42, Lars Troen wrote: > Yes, you need an extra license in order to use LDAP while Radius and Tacacs comes for free. > > Lars > > -----Original Message----- > From: Leonardo Boulton [mailto:[email protected]] > Sent: Thu 09-Oct-03 2:47 PM > To: [email protected] > Cc: > Subject: Re: [FW-1] Active Directory Authentication > > > > Don't you need a especial license for that? (Account Management). > > Can you query an AD server without such license?. Maybe using Radius? > > L. > > On Wed, 2003-10-08 at 21:32, O'Flynn, Derek wrote: > > If you just want to use AD for SecuRemote connections, create the LDAP > > connection with appropriate settings and then assign a user via LDAP. I > > have heard rumors that the performance on LDAP sucks, but I have not tested > > it yet...no active directory yet :( > > > > I'm using Cisco's Access Control Server 3.1 at the moment because we are > > providing LEAP wireless authentication as well through them. Windows Server > > has IAS, Internat Authentication Server which is easy to setup as well if > > you wanted to go the RADIUS route. > > > > Derek > > > > -----Original Message----- > > From: David Crowfoot [mailto:[email protected]] > > Sent: Wednesday, October 08, 2003 6:21 PM > > To: [email protected] > > Subject: Re: [FW-1] Active Directory Authentication > > > > I had this setup and working before. I did not extend the schema or use > > radius services. Let me look up my notes, and recreate the setup. I > > was using it for secureclient. > > > > Dave Crowfoot > > www.works4me.com > >> > > > > > >>> [email protected] Wednesday, October 08, 2003 1:24:28 PM >>> > > Hi, > > > > I'd like to connect a Checkpoint NG-AI to a Microsoft > > Active Directory such that it uses the AD user database > > without further user management: > > > > I'm querying the AD as a LDAP user group which > > works well to find the user. But how can the > > Checkpoint verify the password given by the user? > > > > > > One solution would be to extend the LDAP Schema and > > to store the FW-1 passwords on the LDAP server, but that's > > not desired. There should be no further passwords, just the > > passwords the users use to login at the Windows machines. > > > > > > Another solution would be to configure the Checkpoint to > > query a RADIUS/TACACS server. ADS doesn't play RADIUS, does it? > > > > So what's the simplest way to allow users to authenticate against > > the Checkpoint (user auth/secure client) with the same password they > > use at their windows machines? > > > > regards > > Hadmut > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|