multiple RADIUS/LDAP domain support

[dharris]

Hi guys
Were setting up a pilot to provide a connectra portal for a parent company with multiple children each with their own AD domain.

I was considering using the RADIUS class attribute to ensure users would be added to the right connectra group (based on the AD user groups) once they authenticate.

My problem is that each AD domain user group will probably have the same group names. Can anyone see a way of getting around this with connectra being used as a single portal for many different domains?

I might have to ditch the centralised option and go for a portal in each AD domain.

[netktm]

Hi,
I am facing this same problem. We have two diffrents Active Directoy.

And we would like to bind those two domains (with the same appropriate type of group) to use Connectra NGX-61 in the authentification process of users.

We never succed in using these two domains at the same time.

Can somebody tell us how to manage in order to fix this problem ?

Cheers!

[munrog]

Hi Guys,

Yes we had this problem. It seems that Connectra has problems when there are multiple authentication mechanisms; be they multiple RADIUS servers or say a RADIUS server and a SecurID server.

The only way I have found to get around this problem is to extend the attributes with Firewall-1's attributes - then you can specify which authentication mechanism is used for authenticating which user by modifying the right fw-1 attribute.

I recommend you install an Active Directory Application Mode (ADAM) instance for this.

There is a link from the OPSEC website to performing the ADAM configuration Check Point OPSEC Alliance Partner: Microsoft - Active Directory
and the Check Point manuals tell you how to extend the schema with a standard Active Directory.

The advantage of using ADAM is that you can muck around with it, without ruining your organisations live directory. :o)

Cheers
Greg