Hmmm,
Seems as tho the firewall possibly isn't querying the remote system for the
password ?
Mike
> -----Original Message-----
> From: Martin, Andy [SMTP:[EMAIL PROTECTED]]
> Sent: a ea?e 28 2000 12:23
> To: Fw-1-Mailinglist (E-mail)
> Subject: RE: [FW1] Ldap Interation
>
>
> Hiya,
>
> Communication between the firewall and the Exhange server is fine. The
> Account managment client from firewall-1 can query the Directory when run
> from the Firewall. The issue appears to be with the password
> authentication
> part of the transaction.
>
> If I use client authentication the Firewall can resolve the username to
> the
> relevant entry in the exchange address list i.e. it returns
> cn=alias.name,cn=recipients,ou=site.name,o=directory.name
>
> when I give it the password associted with the NT account who owns the
> mail
> box the authentication fails. I.e. Access Denied by Firewall-1
> authentication.
>
> The excact detail follows.
>
> Check Point FireWall-1 Client Authentication Server running on #######
> User: andy.martin
>
> User DN : CN=ANDY.MARTIN,CN=RECIPIENTS,OU=#######,O=#######
> Account unit: #######LDAP
> FireWall-1 password: *******
> Access denied by FireWall-1 authentication
>
> Cheers
>
> Andy
>
> -----Original Message-----
> From: Mike Glassman - Admin [mailto:[EMAIL PROTECTED]]
> Sent: 28 June 2000 03:29
> To: 'Martin, Andy'
> Cc: 'fw-1 listserv'
> Subject: RE: [FW1] Ldap Interation
>
>
>
> Martin,
>
> What exactly is the error you get ?
>
> Have you tried sniffing the line between your FW and the Exchange to see
> what is going on ?
>
> Are you sure the request is even getting to the Exchange, or back from
> there
> ?
>
> Any routers in the real environment that aren't in the test etc ?
>
> Just a few thoughts.
>
> Mike
>
> > -----Original Message-----
> > From: Martin, Andy [SMTP:[EMAIL PROTECTED]]
> > Sent: a ea?e 28 2000 11:04
> > To: Fw-1-Mailinglist (E-mail)
> > Subject: [FW1] Ldap Interation
> >
> >
> > Hiya,
> >
> > Bit wierd this, I've been playing with the X.500 connector on Exchange
> 5.5
> > trying to get Firewall 1 to use the Exchange directory for
> authentication.
> > From postings in this group I have been able to build a little test
> > facility
> > with Firewall and Exchange and the authentication works. Strangley
> enough
> > I
> > applied the same configuration to the live enviroment and it dosent.
> >
> > In the Lab I can authenticate using the alias name in the address list
> as
> > the username and then use the NT account's password that is associated
> > with
> > this alias to do Firewall-1 Authentication. In the live enviroment the
> > Firewall accepts the user name (alias name from the address list) but
> cant
> > seem to get the password bit sorted. Bit strange neither of the
> Firewall's
> > are domain members (thier unning on NT 4) and the configuration of the
> > exchange servers is the same. I canny figure it out captain anyone out
> > there
> > got any clues ???
> >
> >
> > Ta Muchley
> >
> > Andy
> > **********************************************************************
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the sender immediately.
> >
> > This footnote also confirms that this email message has been swept for
> > the presence of computer viruses.
> > **********************************************************************
> >
> >
> >
> ==========================================================================
> > ======
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
>
>
> ==========================================================================
> ==
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ==
> ====
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately.
>
> This footnote also confirms that this email message has been swept for
> the presence of computer viruses.
> **********************************************************************
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
