RE: Checkpoint sucks ? checkpoint-firewall and openldap
- To: "Marc Schoechlin" <ms-ldap@bart.LF.net>, <openldap-software@OpenLDAP.org>
- Subject: RE: Checkpoint sucks ? checkpoint-firewall and openldap
- From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- Date: Wed, 28 Jan 2004 14:28:51 -0500
try this article:
http://support.checkpoint.com/kb/docs/public/firewall1/ng/pdf/openldap_fw1_rev1.83.pdf
that is if you are using openldap... are you using openldap or edir?
-----Original Message-----
From: Marc Schoechlin [mailto:ms-ldap@bart.LF.net]
Sent: Wednesday, January 28, 2004 1:55 PM
To: openldap-software@OpenLDAP.org
Subject: Checkpoint sucks ? checkpoint-firewall and openldap
Hi !
I'm currently trying to set up "SecureClient NG FP3" to
"Checkpoint NG with Application Intelligence R54/Secureplattform"
authentication.
Fetching entries seems to work, but I'm not able to
authenticate.
What I have done:
* Did the setup described in
http://www.opsec.com/solutions/partners/downloads/novell-int_edir8.7_w_fw1.pdf
(Adding a schema, adding users, ...)
* Added a "client-encrypt" rule with a LDAP-Group in the source-field
* Added a Posix-Account to the LDAP-Dir
(Auth via PAM_LDAP works)
If I now try to connect to the firewall, I enter the IP address, the user
and the password.
After that I get a notification about the certificate, and after
confirming this dialog
I get a message which complains:
"Negotiation with gateway 212.9.190.70 at site 212.9.190.70 has failed.
Access denied - wrong user name or password"
If I now watch my firewall-logs, I get the following
firewall-log-message:
"reason: Client-Encryption: Unix Password not supported"
If I trace the traffic over the network with ethereal, I see that
OpenLDAP
found the right entry.
Is that a problem regarding the password encryption in the directory
(RFC 2307 : {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA})?
I tried out the CRYPT and SSHA encryption - but that does not help either.
What can I do ?
Best regards
Marc Schoechlin
--
Gruss / Best regards | LF.net GmbH | fon +49 711 90074-413
Marc Schoechlin | Ruppmannstr. 27 | fax +49 711 90074-33
ms@LF.net | D-70565 Stuttgart | http://www.lf.net