Bob, thanks for following this thread through.
I was also able to get everything to work, here was my problem:
As part of our NT lock down we set cachedlogoncount to 0 on all Win
NT boxes. This prevented local logon without a domain controller. Once I
reset this to 1, everything worked minus the following 2 things:
1.) No, the logon script does not run
2.) My Network Neighborhood works about 50% of the time.
Not sure why.
I am putting together a document that puts everything together, including
rule examples, group memberships, .C file changes, and client setups that
will hopefully make it easy to understand. If anyone wants a copy of this,
email me directly and I'll ship it out when done. Mind everyone, this is
only for 4.1 SP2 versions of everything.
thanks again...
Patrick D. Baird
Senior Solutions Developer - MCSE
mVest Technology Solutions, Inc.
1700 Paoli Pike
Malvern, PA 19355
Wk: 610-407-0100 x305
Cl: 610-745-1839
-----Original Message-----
From: Bob Bisignani [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 20, 2000 1:33 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] SSO and SDL
From my limited experience:
Try logging on as your NT Domain Account - just like you are on your
internal LAN.
Enable SDL only
Try from the Internet, logging on using your regular NT Domain Account
SecuRemote should launch; put in the necessary credentials to access our
network - SecuRemote/Check Point credentials
You should see your logon script execute, if you have one - PLEASE LET ME
KNOW IF IT WORKS FOR YOU, IT DOESN'T WORK FOR ME. Server Mgr, User Mgr for
Domains should work. I have been able to add a PC to the Domain from the
outside using this, change a password, have a user who has never logged on
before logon etc. BUT THE LOGON SCRIPT DOES NOT WORK.
I had to include :netbios_nat (true) in my objects.C file to get this to
work and change my dnsinfo.C file to include my pdc and domain.
Bob
>From: Patrick Baird <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'"
><[EMAIL PROTECTED]>
>Subject: [FW1] SSO and SDL
>Date: Tue, 19 Sep 2000 14:36:16 -0400
>
>
>This was formerly "[FW1] Secure Domain Logon w/ SP2 win98 LMHOSTS entry".
>
>Magically, I say that because I'm not sure what I changed to fix it, I can
>now browse network neighborhood. I now have a "thicker skulled" question
>about SSO and SDL.
>
>When I have an NT laptop, I am logging in with a local username and password
>to that machine. So the machine domain, and not with cached credentials.
>What do I have to put in for SSO NT username? I want SSO and SDL to use my
>"network account" when started, but is SSO fired up based on who you login
>as?
>
>I hope my problem is clear, and it's 4.1 SP2 on NT, with 4165 as the
>SecuRemote client.
>
>
>thanks!
>
>PDB
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================