| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Here are the requirements:

- Users must be authenticated before accessing any resources (server1, server2)
- Authorization:
  + user1 is allowed to access server1, denied to server2
  + user2 is allowed to access server2, denied to server1

What I did on Check Point:

1. Create a RADIUS server
2. Create the External User Profile (generic* user), Authentication Scheme: RADIUS
3. Create a number of User Groups (rad_user1, rad_user2...), only specifying the name.
4. Edit objects5_0.C: set the attribute add_radius_groups(false) -> add_radius_groups(true). CpStop / CpStart (the firewall is on SecurePlatform)
5. Create 2 authentication rules:
   Rule 1: SOURCE: rad_user1@any DESTINATION: server1 SERVICE: any ACTION: Client Auth
   Rule 2: SOURCE: rad_user2@any DESTINATION: server2 SERVICE: any ACTION: Client Auth

On the RADIUS server (Funk Radius), create 2 users:

- username: user1 password: user1 class attribute: rad_user1
- username: user2 password: user2 class attribute: rad_user2

But when users connect to http://firewallip:900 to authenticate and enter their usernames and passwords, CP displays the message:

"Client Authentication Remote Service FireWall-1 message: User tu1 authenticated by Radius authentication No Client Authentication Rules Are Available End session"

These words may mean Check Point didn't understand the two rules. Can anyone help me? Thanks.
Quote:
Do you have any experience to share with me?