Hiya,
Communication between the firewall and the Exhange server is fine. The
Account managment client from firewall-1 can query the Directory when run
from the Firewall. The issue appears to be with the password authentication
part of the transaction.
If I use client authentication the Firewall can resolve the username to the
relevant entry in the exchange address list i.e. it returns
cn=alias.name,cn=recipients,ou=site.name,o=directory.name
when I give it the password associted with the NT account who owns the mail
box the authentication fails. I.e. Access Denied by Firewall-1
authentication.
The excact detail follows.
Check Point FireWall-1 Client Authentication Server running on #######
User: andy.martin
User DN : CN=ANDY.MARTIN,CN=RECIPIENTS,OU=#######,O=#######
Account unit: #######LDAP
FireWall-1 password: *******
Access denied by FireWall-1 authentication
Cheers
Andy
-----Original Message-----
From: Mike Glassman - Admin [mailto:[EMAIL PROTECTED]]
Sent: 28 June 2000 03:29
To: 'Martin, Andy'
Cc: 'fw-1 listserv'
Subject: RE: [FW1] Ldap Interation
Martin,
What exactly is the error you get ?
Have you tried sniffing the line between your FW and the Exchange to see
what is going on ?
Are you sure the request is even getting to the Exchange, or back from there
?
Any routers in the real environment that aren't in the test etc ?
Just a few thoughts.
Mike
> -----Original Message-----
> From: Martin, Andy [SMTP:[EMAIL PROTECTED]]
> Sent: a ea?e 28 2000 11:04
> To: Fw-1-Mailinglist (E-mail)
> Subject: [FW1] Ldap Interation
>
>
> Hiya,
>
> Bit wierd this, I've been playing with the X.500 connector on Exchange 5.5
> trying to get Firewall 1 to use the Exchange directory for authentication.
> From postings in this group I have been able to build a little test
> facility
> with Firewall and Exchange and the authentication works. Strangley enough
> I
> applied the same configuration to the live enviroment and it dosent.
>
> In the Lab I can authenticate using the alias name in the address list as
> the username and then use the NT account's password that is associated
> with
> this alias to do Firewall-1 Authentication. In the live enviroment the
> Firewall accepts the user name (alias name from the address list) but cant
> seem to get the password bit sorted. Bit strange neither of the Firewall's
> are domain members (thier unning on NT 4) and the configuration of the
> exchange servers is the same. I canny figure it out captain anyone out
> there
> got any clues ???
>
>
> Ta Muchley
>
> Andy
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately.
>
> This footnote also confirms that this email message has been swept for
> the presence of computer viruses.
> **********************************************************************
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately.
This footnote also confirms that this email message has been swept for
the presence of computer viruses.
**********************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
