Aaron,
 
you need the Account Management feature on the FW1.  This allows it to define NDS as an external LDAP Account Unit.  If you have an enterprise FW1 you also need enterprise account mgmt.
 
You can combine it e.g. with Novell Bordermanager so that you can READ NDS (LDAP) and check the groups or OUs in which the users are, and perform RADIUS authentication towards BMAS by using e.g. tokens or Novell passwords.
In fact you can even perform a schema extension on NDS so that the FW1 attributes are also visible in NDS.
 
In my experience, NDS is the fastest and most secure LDAP server available!!
 
 
Good luck,
Patrick

>>> "Aaron Shilts" <[EMAIL PROTECTED]> 08/02/01 00:11 >>>
I've been reading up on Checkpoint's ability to authenticate users off an
NDS tree using LDAP.  I've read a few posts in the newsgroups that make it
sound like an additional Checkpoint license is required for this ability.
Knowing Checkpoint, this wouldn't surprise me.

My client will be running an enterprise encryption console and multiple
VPN-1 modules for their enforcement points.  If a license is required, where
would it be applied?

TIA,

Aaron

___________________________
Aaron Shilts
eSecurity Consulting, Inc.

phone 847-571-3889
fax 714-364-9983
__________________________
