 | ||
 Creating NT Domain Catalogs | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-09-13 | |||
| |||
 Creating NT Domain Catalogs Im installaling Integirty version 6.5 on windows 2003. I want to import an NT domain catalog (add a group of Active Directory users to an Integirty policy). This worked OK for vesion 5 of integrity. I provide credentials which then returns a list (after 15 minutes) of all the available NT groups. I select the groups I want imported and then click on the add arrows to import. This takes 15 minutes. I then click on save, the mouse pointer turns to an hour glass. After 20 minutes, Internet explorer stops responding and all changes are lost. We have an enormous Active Directory with thousands of groups which is possibly the cause of the problem. An alternative method would be to use LDAP but I am unfamiliar with this and my attempts so far have not found any users. Any help greatly appreciated.  |
| 2006-09-20 | |||
| |||
| Re: Creating NT Domain Catalogs We wanted to use LDAP as well, but the current version requires that you import the entire LDAP catalog into the server!!!! Not only is it completely unrealistic for us to import tens of thousands of LDAP entries- two days later several records will change. It's a almost completely useless feature. I can't understand why this was ever programmed to scale so poorly. There are several examples of lack of forethought on the part of the dev team. As such, we've decided to use custom IDs. They don't authenticate; they only identify. This is not so much of a problem since it only means unauthorized clients can get the security policy. But, it's certainly not an optimal solution. My advice: if this is a significant aspect for you: wait until version 7. It might be better. Are you using HFA03? If not, perhaps trying that will help. In the end, for most organizations, importing large namespaces like this simply isn't feasible. |
| 2006-09-25 | |||
| |||
| Re: Creating NT Domain Catalogs I haven't deployed HFA03 yet to keep in line with my test server but it's worth a shot. I've gone ahead rolling it out on the premise that our AD size will shrink by 10% next year when we migrate and then the NT groups should become usable. I agree that from a security aspect there is no harm in unauthorised clients getting the policy but it does detract from the reporting and monitoring feature. Shame on you Check Point !! |
| 2007-04-06 | |||
| |||
| Re: Creating NT Domain Catalogs Hi, We have the same problems with the Ntdomain import, it takes 15 minutes to load the page to select the groups, after that i select 2 groups with an total of 4 users in both groups. To select the groups and ad them to the right colom takes also at least 15 min. After that i click SAVE and the system doesn't do anything any more. Tested with clean install and also tested it with HFA 05 Someone got an solution for this ? or do we have to wait for version 7.x ? Regards |
| 2007-04-06 | |||
| |||
| Re: Creating NT Domain Catalogs Well well it looks like it is an Microsoft ie problem. ( ie 6.0) We did an test with Modzilla Firefx 2.0.0.3 and it works GREAT !!!!! it takes about 5 min to lookup the groups select them en import them. So please Use Firefox for managing Integrity and you will see it works like a charm! |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
