
Checkpoint sucks ? checkpoint-firewall and openldap



Hi !

I'm currently trying to set up "SecureClient NG FP3" authentication against
"Checkpoint NG with Application Intelligence R54/SecurePlatform".

Fetching entries seems to work, but I'm not able to authenticate.

What I have done:

 * Did the setup described in
   http://www.opsec.com/solutions/partners/downloads/novell-int_edir8.7_w_fw1.pdf
   (Adding a schema, adding users, ...)

 * Added a "client-encrypt" rule with a LDAP-Group in the source-field

 * Added a Posix-Account to the LDAP-Dir
   (Auth via PAM_LDAP works)

If I now try to connect to the firewall I enter the IP address, the user and the password.

After that I get a notification about the certificate, and after confirming this dialog
I get a message which complains:

"Negotiation with gateway 212.9.190.70 at site 212.9.190.70 has failed.
Access denied - wrong user name or password"

If I now watch my firewall logs, I get the following firewall log message:

"reason: Client-Encryption: Unix Password not supported"

If I trace the traffic over the network with ethereal, I see that OpenLDAP
found the right entry.

Is that a problem regarding the password encryption in the directory
(RFC 2307: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA})?

I tried out CRYPT and SSHA encryption, but that does not help either.

What can I do?

Best regards

Marc Schoechlin

-- 

Gruss / Best regards  |  LF.net GmbH        |  fon +49 711 90074-413
Marc Schoechlin       |  Ruppmannstr. 27    |  fax +49 711 90074-33
ms@LF.net             |  D-70565 Stuttgart  |  http://www.lf.net