A,

There have been quite a few such requests lately. I'll see if I can write a step by step howto on the topic as it's not documented on Phoneboy or anywhere else that I've found.

But the basics are:

- With nt4sp4 and later, plus in w2k (any sp) each user must be granted dial-in rights.
- clear text (pap) authentication (no ms-chap or similar)
- It works with both radius 1.0 and 2.0 protocol settings on fw1.
- Make sure the firewall and the radius server can talk to each other and that there is no natting taking place on the radius communication.
- For debugging purposes, tcpdump/network monitor and netcat are useful tools. Radius is using udp so you can't use telnet to verify the connection.
- The radius shared secret might be sensitive about some characters, I don't remember which ones and if it was fw1 or w2k that caused this problem.
- The IAS log is always a good place to watch carefully.

Lars

> -----Original Message-----
> From: Andrea Coppini [mailto:andreacoppini@;IWG.INFO]
> Sent: Thursday, October 24, 2002 22:11
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] SecureRemote NG + Radius
>
> Lars,
>
> There are at least 2 of us interested in this information... Care to
> share any info you might have on how to go about this?
>
> Regards
> A
>
> -----Original Message-----
> From: Lars Troen [mailto:Lars.Troen@;PROXYCOM.NO]
> Sent: 24 October 2002 8:30 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] SecureRemote NG + Radius
>
> Chris,
> I have used Microsoft Radius (IAS: NT4 / w2k AD) to authenticate users
> on both 4.0, 4.1 and NGFP2.
>
> Lars
>
> > -----Original Message-----
> > From: Barber, Chris [mailto:cbarber@;CRITICALIP.COM]
> > Sent: Thursday, October 24, 2002 18:52
> > To: [EMAIL PROTECTED]
> > Subject: Re: [FW-1] SecureRemote NG + Radius
> >
> > If you are using LDAP/Active Directory do a search on Checkpoints
> > website for "Active Directory" in the list that comes up there will
> > be a Document that is titled "How to configure Microsoft's Active
> > Directory Server to work with Checkpoint NG FP2" that will be better
> > than radius. Last time I checked with CheckPoint they did not support
> > Microsoft Radius, but that was on 4.1 fp5, it may now be supported
> > on NG.
> >
> > Chris.
> >
> > -----Original Message-----
> > From: Devon Harding - GTHLA [mailto:DHarding@;GILATLA.COM]
> > Sent: Thursday, October 24, 2002 12:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: [FW-1] SecureRemote NG + Radius
> >
> > How can I get SecureRemote NG to authenticate against a radius (Win2K)
> > server without creating internal CheckPoint users? I'd like for it to
> > look up the users on the Radius server instead of looking for them
> > in CheckPoint first.
> >
> > -Devon
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
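
As an added example (not part of the original thread, and not Check Point or Microsoft code): a minimal Python RADIUS PAP probe for the UDP reachability and shared-secret checks Lars lists, following RFC 2865. The function names, the default port 1812 (older setups use 1645) and whatever host and credentials are passed to `probe` are assumptions; the secret is taken as bytes so its exact encoding is explicit.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """PAP User-Password hiding, RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server-side inverse; with the wrong secret the result is garbage."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for typ, val in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += bytes([typ, len(val) + 2]) + val  # type, length, value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def response_is_authentic(resp: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+length+RequestAuth+attrs+secret)."""
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(resp[4:20], expected)

def probe(host, user, password, secret, port=1812, timeout=3.0):
    """Send one Access-Request over UDP and classify the outcome."""
    req = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            # Servers silently discard requests from unknown client IPs,
            # so NAT on the path looks the same as a filtered port.
            return "no reply"
    if not response_is_authentic(resp, req[4:20], secret):
        return "reply fails authenticator check: likely shared secret mismatch"
    return {2: "Access-Accept", 3: "Access-Reject"}.get(resp[0], f"code {resp[0]}")
```

Run `probe` from the firewall's own address (the server only answers registered clients) while watching the IAS log and a packet capture on both ends.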
