Hi,
I'm trying to set up RAS VPN authentication for users stored in two MS AD
directories. Actualy authentication is already working for 60 users in existing
setup: one MS AD and VPN-Pro (R60 HFA02) gateway.
Our company offers services for some child company, who has separate MS AD
server (with no trusts to first one). When I configure second AU in Smart
DashBoard with all parameters, fw gateway is still contacting first AD for LDAP
queries. Authentication works normaly only for users located on first MS AD.
I don't understand, how FW gateway knows where user resides, because we are
using "principal name" for authentication like: name.surname AT domain DOT xx
and name.surname AT domain1 DOT yy. Domain.xx nad Domain1.yy are actually
branches in separate AU objects, but it seems that FW is not able to select
them correctly.
AU1's branch: OU=users,DC=company,DC=xx
AU2's branch: OU=users,DC=company1,DC=yy
Do you have any ideas why. Did I miss something?
Thank you very much for answers and best regards
Andrej
________________________________
From: Mailing list for discussion of Firewall-1 on behalf of Marius Banica -
GmailAccount
Sent: Sun 8/27/2006 14:05
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Smtp and firewall-1
Hi gurus,
Iam using checkpoint R55 HFA17 which is installed on splat.
I have a smtp resources for sending outgoing emails.
The problem is that the helo command that the firewall sends the mail with
is the firewall object name i.e. if the firewall name is blabla then the
smtp will be helo blabla and the rest of the mail. Many servers reject that
because they expect full FQDN name.
Is there an option to make the smtp of checkpoint to add the full FQDN?
Thanks.
Marius Banica - Gmail Account.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
