Checkpoint sucks ? checkpoint-firewall and openldap
Hi !
I'm currently trying to set up a "SecureClient NG FP3" to
"Checkpoint NG with Application Intelligence R54/Secureplattform"
authentication.
Fetching entries seems to work, but I'm not able
to authenticate.
What I have done:
* Did the setup described in
http://www.opsec.com/solutions/partners/downloads/novell-int_edir8.7_w_fw1.pdf
(Adding a schema, adding users, ...)
* Added a "client-encrypt" rule with an LDAP-Group in the source-field
* Added a Posix-Account to the LDAP-Dir
(Auth via PAM_LDAP works)
If I now try to connect to the firewall, I enter the IP address, the user and the password.
After that I get a notification about the certificate, and after confirming this dialog
I get a message which complains
"Negotiation with gateway 212.9.190.70 at site 212.9.190.70 has failed.
Access denied - wrong user name or password"
If I now watch my firewall logs, I get the following firewall log message:
"reason: Client-Encryption: Unix Password not supported"
If I trace the traffic over the network with ethereal, I see that OpenLDAP
found the right entry.
Is that a problem regarding the password encryption in the directory
(RFC 2307: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA})?
I tried out the CRYPT and SSHA encryption, but that also does not help.
What can I do?
Best regards
Marc Schoechlin
--
Gruss / Best regards | LF.net GmbH | fon +49 711 90074-413
Marc Schoechlin | Ruppmannstr. 27 | fax +49 711 90074-33
ms@LF.net | D-70565 Stuttgart | http://www.lf.net
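
To confirm which RFC 2307 storage scheme a directory entry's userPassword really carries, and that the stored value matches the password being typed into the client, the value can be checked offline. The following is an added example, not part of the original message; the function names are illustrative, and {CRYPT} is only recognised, not verified, because it depends on the platform crypt(3).

```python
import base64
import hashlib
import hmac
import os

# Digest name, digest length and "salted?" for the hashed schemes named in the
# post. Salted schemes store base64(digest || salt).
SCHEMES = {"SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True),
           "MD5": ("md5", 16, False), "SMD5": ("md5", 16, True)}

def split_scheme(value):
    """Return (SCHEME, payload) for a '{SCHEME}payload' userPassword value."""
    if value.startswith("{") and "}" in value:
        scheme, payload = value[1:].split("}", 1)
        return scheme.upper(), payload
    return None, value  # no prefix: the value is stored as cleartext

def make_hash(scheme, password, salt=None):
    """Build a userPassword value; a random 8-byte salt is used if none is given."""
    algo, _, salted = SCHEMES[scheme]
    salt = (salt if salt is not None else os.urandom(8)) if salted else b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(value, password):
    """Check a candidate password against a stored userPassword value."""
    scheme, payload = split_scheme(value)
    if scheme is None:
        return hmac.compare_digest(value.encode(), password.encode())
    if scheme == "CRYPT":
        raise NotImplementedError("{CRYPT} needs the platform crypt(3)")
    if scheme not in SCHEMES:
        raise ValueError("unknown scheme: " + scheme)
    algo, dlen, salted = SCHEMES[scheme]
    raw = base64.b64decode(payload)
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and not salted):
        raise ValueError("malformed {%s} value" % scheme)
    expected = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed sample value, not taken from any real directory.
    stored = make_hash("SSHA", "geheim")
    print(split_scheme(stored)[0], verify(stored, "geheim"))
```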