So, what does it take to use NDS for your users?
Can you grant/deny access based on the user?
Thanks!
Title: RE: [FW1] User Auth with NDS/LDAP or ACE/Radius - How does it work?
Yes. Firewall-1 works beautifully with NDS. After we reached upwards of
500+ user accounts on the firewall, we decided that was more administrative
overhead than we needed. Granted, getting NDS up and running can be a real
bear at the beginning but once it's going, it's great. It's saved us
numerous hours of administration and tons of headaches with user problems
related to authentication issues.

Clint Avant
Network Security Administrator
Carriage Services
(281) 552-5538

-----Original Message-----
From: Greg Winkler [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 18, 2000 8:24 AM
To: [EMAIL PROTECTED]
Subject: [FW1] User Auth with NDS/LDAP or ACE/Radius - How does it work?

What are the options for doing user authentication on FW-1?

Most of the time all we require is HTTP and we handle that with MS proxy
sitting inside the firewall. Users point to the proxy and only the proxies
have permissions beyond the firewall.

We do get requests for other types of access and we have been handling them
by assigning specific IP addresses to the users' PCs and then allowing
those IP addresses through the firewall. It's grown to the point that it is
now a big pain to manage in this fashion. Especially as we get more laptops
and the users become mobile. Relying on a fixed IP no longer works.

I know that FW-1 has a user database and we can permit based on entries in
this database. I'm not keen on this because it is yet another id/password
for my users to endure. All our users are defined in NetWare's NDS. We also
are soon to have ACE Server soft-token and Radius for a separate dial
project.

Is there any way to get FW-1 to use the user list in NDS or authenticate
against the ACE/Radius? I'd like it to be transparent to the user. If
possible, not even prompting them for an ID or password. Am I dreaming?
----------------------------------------------------------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [EMAIL PROTECTED]
Voice: (713) 235-6018
Fax: (713) 235-6890
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
