You have to create an LDAP Account Unit. You will need the distinguished name
of a user with at least read-only rights to AD. Once the Account Unit is
created and you can successfully fetch the branches, you need to create LDAP
Groups based on AD groups or OUs. You can use the LDAP groups in your VPN
security rules.
Robert B. Elliott CCSE NGX
303.881.3083
relliott AT us.checkpoint DOT com
Sent via SecureClient Mobile
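An added pre-flight check for the steps above (this is not from the post, and not Check Point's own tooling): it uses the OpenLDAP ldapsearch client to confirm that the read-only bind DN can actually read the directory, and lists the branches and AD groups the Account Unit will later fetch. Host, domain, bind DN and the password file path are placeholder values.

```shell
#!/bin/sh
# Placeholder values (assumptions, not from the post): standalone AD server,
# its DNS domain, and the read-only service account used by the Account Unit.
AD_HOST="${AD_HOST:-ad.lab.example}"
AD_DOMAIN="${AD_DOMAIN:-lab.example}"
BIND_DN="${BIND_DN:-CN=cp-ldap-reader,OU=Service Accounts,DC=lab,DC=example}"
# Password is read from a file with -y so it never shows up in ps output.
BIND_PW_FILE="${BIND_PW_FILE:-}"

# Turn a DNS domain (lab.example) into the AD base DN (DC=lab,DC=example).
domain_to_base_dn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sDC=%s", (i > 1 ? "," : ""), $i
    }'
}

# Simple bind as the read-only account and list the top-level branches
# (OUs and containers). If this fails, the bind DN or its rights are wrong
# and the Account Unit will not be able to fetch branches either.
fetch_branches() {
    base=$(domain_to_base_dn "$AD_DOMAIN")
    ldapsearch -x -LLL -H "ldap://$AD_HOST" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$base" -s one \
        '(|(objectClass=organizationalUnit)(objectClass=container))' dn
}

# List the AD groups under one branch; each can back an LDAP Group object
# in SmartCenter for use in the VPN security rules.
list_groups() {
    ldapsearch -x -LLL -H "ldap://$AD_HOST" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$1" -s sub '(objectClass=group)' dn sAMAccountName
}

# Usage: BIND_PW_FILE=/root/cp-ldap.pw sh check_ad.sh
if [ -n "$BIND_PW_FILE" ]; then
    fetch_branches && list_groups "OU=Users,$(domain_to_base_dn "$AD_DOMAIN")"
fi
```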
-----Original Message-----
From: "cisco4ng" <cisco4ng AT YAHOO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Sent: 3/4/07 10:53 AM
Subject: [FW-1] Help with authenticating SecureRemote/Client users with LDAP
Hi Everyone,
I am wondering if someone has detailed instructions on how to
make checkpoint firewall NGx R61 with HFA_01 and Microsoft LDAP
work for SecureRemote users.
Here is my situation:
I have a checkpoint firewall NGx R61 with HFA_01 running on a
Nokia IP380 IPSO 4.1 build 19. The firewall is managed by a
SmartCenter running on another Nokia IP650 (I know not supported
but this is my lab), also NGx R61 with HFA_01. I have the
checkpoint Account Management license on the SmartCenter.
I can authenticate SecureRemote users via Microsoft Radius Server,
Steel-Belted Radius Server, TACACS+ Server, RSA SecurID Server.
I use the generic* users and associate that account with either
MS Radius, TACACS+, RSA SecurID server authentication server
and I am set. However, I don't know how to do this with
Microsoft LDAP Server. Sadly, Checkpoint documentation
does not offer much on authentication with LDAP, especially
Microsoft LDAP. I have a standalone Active Directory (AD) Server
running behind the firewall with users on that AD server that I want
to be able to authenticate SecureRemote/client on this AD server.
Can someone help me with this? How do I go about doing this?
Thanks.
cisco4ng
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================