All,
FW-1 4.1 SP3
NT sp6a
RADIUS - W2k IAS
I have defined the following:
Firewall Object: Authentication Tab - RADIUS
I have defined a network object for my RADIUS server (Call it Radius1)
I have created a RADIUS server object - entered the shared secret
- I have selected RADIUS V2.0
I have created a RADIUS Group object, and placed the above RADIUS Server
object in it.
I have created the generic* user, added RADIUS, with my RADIUSServer group.
I have added the generic* user to the appropriate SR group for rule
definition.
I have unchecked the 'allow fw-1, blah, blah connections' in the properties
pane and have defined the appropriate connection rules manually
(topo, key, IKE, mgmt, etc. -> they all work)
Before my stealth rule I have added the following rule:
FW Radius1 UDP RADIUS Accept Long SRC
On the w2k IAS server, I have added the FW object for authentication and
enabled it in active directory. The server does appear in the RAS & IAS
Servers group. The user does have RAS access enabled.
I get no logging message on the RADIUS server about authentication even being
attempted, but I get the following in the firewall logs:
reject rule 0 reason Refused Topology request. Authentication scheme not
allowed for user.
One question: do I need the Routing and Remote Access service running on the
IAS machine?
If I switch to fw-1 password on the firewall object, my SR rules work fine.
Can someone please tell me what I'm missing? I'm going crazy!!!!
thanks in advance.
PDB
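Added example (not from the poster, and not Check Point or Microsoft code): a minimal RADIUS client in Python that builds the Access-Request a firewall would send for a user, hides the PAP password as RFC 2865 section 5.2 requires, and checks the Response Authenticator of whatever comes back. Since the poster sees nothing in the IAS log, running probe_radius() from the firewall host against the IAS server with the same shared secret separates "the server never saw a request" (timeout, still nothing logged on IAS) from "the request arrived but the secret or the RADIUS client definition on IAS is wrong" (a Reject, or a reply that fails the authenticator check), without involving FW-1's own user and authentication-scheme handling. Every hostname, secret, user name and NAS identifier below is a constructed placeholder, and the port is a parameter (1812 by default).

```python
import hashlib
import hmac
import os
import socket
import struct

# RADIUS codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_IDENTIFIER = 1, 2, 4, 32
HEADER = struct.Struct("!BBH")   # Code, Identifier, Length; the 16-byte Authenticator follows


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR block i with MD5(secret + previous cipher block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password (what the server does before checking the password)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(c ^ k for c, k in zip(block, key)), block
    return out.rstrip(b"\x00")


def attribute(kind: int, value: bytes) -> bytes:
    """One Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack("!BB", kind, len(value) + 2) + value


def parse_attributes(packet: bytes):
    """Walk the attribute list of a RADIUS packet, rejecting malformed lengths."""
    out, pos, end = [], 20, HEADER.unpack(packet[:4])[2]
    while pos + 2 <= end:
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > end:
            raise ValueError("malformed attribute")
        out.append((kind, packet[pos + 2:pos + length]))
        pos += length
    return out


def build_access_request(ident, user, password, secret, nas_ip, request_auth=None):
    """Access-Request with PAP credentials, as a RADIUS client such as the firewall sends it."""
    request_auth = request_auth or os.urandom(16)
    attrs = (attribute(USER_NAME, user)
             + attribute(USER_PASSWORD, hide_password(password, secret, request_auth))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attribute(NAS_IDENTIFIER, b"fw1-probe"))   # constructed identifier
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    return hashlib.md5(HEADER.pack(code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server-side reply; included only so the client path can be exercised offline."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return HEADER.pack(code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(resp, request_auth, secret):
    """Return the reply Code if its authenticator checks out under `secret`, else None."""
    if len(resp) < 20:
        return None
    code, ident, length = HEADER.unpack(resp[:4])
    if length < 20 or length > len(resp):
        return None
    attrs = resp[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return code if hmac.compare_digest(expected, resp[4:20]) else None


def probe_radius(server, secret, user, password, nas_ip, port=1812, timeout=3.0):
    """Send one Access-Request; return the verified Code (2 Accept, 3 Reject) or None on timeout/bad authenticator."""
    request_auth = os.urandom(16)
    packet = build_access_request(1, user, password, secret, nas_ip, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None   # nothing came back: reachability, port, or no client entry for this NAS on the server
    return verify_response(reply, request_auth, secret)


if __name__ == "__main__":
    # Offline self-check with constructed values; call probe_radius(...) against the real IAS host for a live test.
    secret, auth = b"constructed-shared-secret", bytes(range(16))
    req = build_access_request(7, b"pdb", b"Pa55word-longer-than-16-bytes", secret, "192.0.2.1", auth)
    attrs = dict(parse_attributes(req))
    print(len(req), "bytes;", unhide_password(attrs[USER_PASSWORD], secret, auth))
```

A reply whose authenticator fails under the secret you configured means the server answered with a different secret than the firewall uses, which is exactly the case IAS logs as a discarded request rather than an authentication attempt; a timeout with nothing in the IAS log points at the path (rule, NAT, port) or at the RADIUS client entry on IAS rather than at the user.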
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================