CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA or CCSE One-Week Certification Training Courses with CPUG in Beautiful San Francisco!
    R70 CCSA Courses Starting (2010) 6/7, 7/12, 8/9, 10/11, 11/8, 12/6.  R70 CCSE Courses Starting (2010) 8/16.
2. CPUG CON 2010 EUROPE, the User Conference in Switzerland, September 20th-22nd, 2010!
3. Join Our CPUG Groups On LinkedIn and Facebook.  See Our Channel on YouTube.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SmartDirectory/LDAP/Active Directory
MS AD as an LDAP Account Unit MS AD as an LDAP Account Unit
Register Projects FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 2006-04-28
Junior Member
  
Join Date: 2006-04-28
Posts: 2
Rep Power: 0
sagigreen has an average reputation (10+)
Default MS AD as an LDAP Account Unit
Hi,

i am trying to connect my 2003 AD to my NGX FW.
so far i have expended the schema linked the two (FW and AD) and created external ldap user groups and even created a template.
my problem is that the FW would not recognize an authenticating user as an external ldap user and everytime i am trying to authenticate i get 2 event messages:

Number: 116
Date: 29Apr2006
Time: 0:32:17
Product: VPN-1 Pro/Express
VPN Feature: SecureClients
Interface: daemon
Origin: cpmodule (192.168.1.201)
Type: Alert
Action: Reject
Reject Reason: SecureClient authentication failure
Source: 192.168.2.100
Destination: cpmodule (192.168.1.201)
Encryption Scheme: IKE
Subproduct: VPN
Information: reason: Client Encryption: User unknown.

Number: 117
Date: 29Apr2006
Time: 0:32:17
Product: VPN-1 Pro/Express
VPN Feature: SecureClients
Interface: daemon
Origin: cpmodule (192.168.1.201)
Type: Alert
Action: Reject
Reject Reason: SecureClient authentication failure
Source: 192.168.2.100
Destination: cpmodule (192.168.1.201)
User: test
Encryption Scheme: IKE
Subproduct: VPN
Information: reason: Client Encryption: Unknown user

any help will be highly appriciated.
Reply With Quote
  #2 (permalink)  
Old 2006-04-30
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 2,531
Rep Power: 8
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: MS AD as an LDPA Account Unit
send me a private e-mail with your email address and I'll send you the config docs (jlh8@yahoo.com).

I know Barry is swamped right now with non-board stuff, but I'll see if he can post them at some point.
Reply With Quote
  #3 (permalink)  
Old 2006-05-06
Junior Member
  
Join Date: 2006-04-28
Posts: 2
Rep Power: 0
sagigreen has an average reputation (10+)
Default Re: MS AD as an LDPA Account Unit
hey there,

i sent you an email to your private email address and didnt get a reply, please contact me cause this is urgent for me.
thanks
Reply With Quote
  #4 (permalink)  
Old 2006-05-13
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 2,531
Rep Power: 8
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: MS AD as an LDPA Account Unit
Hrmmm never got the e-mail sorry.

You can use chilly jim (one word) at gmail (less filters & less spam for it to get mixed into)
Reply With Quote
  #5 (permalink)  
Old 2006-07-17
Junior Member
  
Join Date: 2006-07-17
Posts: 1
Rep Power: 0
dlepore has an average reputation (10+)
Default Re: MS AD as an LDPA Account Unit
Hey i have the same issue. Can i send you an email for the config docs?

Thanks,
Dan
Reply With Quote
  #6 (permalink)  
Old 2006-08-02
Junior Member
  
Join Date: 2006-08-01
Posts: 1
Rep Power: 0
nawrock1 has an average reputation (10+)
Default Re: MS AD as an LDPA Account Unit
ChillyJim,

I too am attempting to configure LDAP for VPN athentication between Windows AD 2003 and NGX. Would be so kind to bestow your knlowledge on to me. Any help would be greatly appreciated.
Reply With Quote
  #7 (permalink)  
Old 2006-08-23
Junior Member
  
Join Date: 2006-08-17
Location: Sao Paulo
Posts: 3
Rep Power: 0
alucinado has an average reputation (10+)
Default Re: MS AD as an LDPA Account Unit
How is your configuration? Is the user template checked (authentication tab in LDAP server)? What user is the template? What is the authentication type selected in the user template (checkpoint)?
Reply With Quote
  #8 (permalink)  
Old 2006-10-02
Member
  
Join Date: 2005-12-07
Location: Trois-Rivières
Posts: 31
Rep Power: 0
CheckMan has an average reputation (10+)
Default Re: MS AD as an LDAP Account Unit
Hi, You need to update your AD Schema first...
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 06:36.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.1