Firewall-1

Subject: Re: [FW-1] Help with authenticating SecureRemote/Client users with LDAP
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 5 Mar 2007 05:39:04 -0800
Thanks Rajeev and everyone. I've gone through this documentation and also another newer version of CP and LDAP titled "Integrating_Active_Directory_with_FW-1_NG.pdf".

I am using NGx R61 with HFA_01 and I am moving along fine until I hit page 16, where I use a gateway cluster object and, since I don't use Policy server, I move to the next page, where it specifies that I create "default" template. According to the screen shot, I should see my LDAP user properties (according to the document, I should see the default tied to the LDAP user properties) but I am not seeing it. I can retrieve the CRL fetch, query from the SmartCenter to the Microsoft AD/LDAP server just fine.

What am I missing here? Thanks.

  cisco4ng

Rajeev Gupta <rgup14 AT GMAIL DOT COM> wrote:
  CP has an online doc to configure - it is for FP3 but should provide enough
guidelines for NGX - the underlying architecture has not changed and if
changed, let us know. Instead of 'generic*' user, you would need an external
user profile...

Here is the link to the doc:

http://dl3.checkpoint.com/paid/6b/msft_active_dir_ckp_ng_fp3.pdf?HashKey=1173098541_144083f43cd7e49a712e7b6218592e83&xtn=.pdf

hth,

Rajeev

On 3/4/07, cisco4ng wrote:
>
> Hi Everyone,
>
> I am wondering if someone has detailed instructions on how to
> make checkpoint firewall NGx R61 with HFA_01 and Microsoft LDAP
> for SecureRemote users.
>
> here is my situation:
>
> I have a checkpoint firewall NGx R61 with HFA_01 running on a
> Nokia IP380 IP 4.1 build 19. The firewall is managed by a
> SmartCenter running on another Nokia IP650 (I know not supported
> but this is my lab), also NGx R61 with HFA_01. I have the
> checkpoint Account Management license on the SmartCenter.
>
> I can authenticate SecureRemote Users via Microsoft Radius Server,
> Steelbelt Radius Server, TACACS+ Server, RSA SecurID Server.
> I use the generic* users and associate that account with either
> MS Radius, TACACS+, RSA SecurID server authentication server
> and I am set. However, I don't know how to do this with
> Microsoft LDAP Server. Sadly, Checkpoint documentation
> does not offer much on authentication with LDAP, especially
> Microsoft LDAP. I have a standalone Active Directory (AD) Server
> running behind the firewall with users on that AD server that I want
> to be able to authenticate SecureRemote/client on this AD server.
>
> Can someone help me with this? How do I go about doing this?
>
> Thanks.
>
> cisco4ng