[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Radius + Session auth - username changed by FW?

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Radius + Session auth - username changed by FW?
From: ian.bosworth@oxinst.co.uk
Date: Wed, 13 Oct 1999 11:35:30 +0100

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


Hi guys,

I have successfully tested RADIUS authentication with Session authentication with several users on different domains. I am using MS IAS/C as the RADIUS server with NT usernames from a system of Domain trusts. FW-1 V4 SP3 on NT4 SP4 is setup with a generic* user, Radius server entry setup for Radius version 1.

BUT,  now I am rolling it out to users (don't you hate it when problems occur AFTER testing :-<  )  I am only having a 50% success rate. Some users don't authenticate. The FW log shows them correctly as for example username  "domain\jbloggs" but RADIUS authentication is refused and on the NT event log for the RADIUS server I get a requested username of "domain\x5cjbloggs". Note the extra x5c inserted in front of the username.  This doesn't occur with all users on the same domain, but it is linked by user, not machine or Auth agent. Users are existing ones ie domains have them fully synced.

I'm really hoping someone has seen this before !!  Any clues as to where to look would be appreciated. 

Boz
Group IT Support Engineer


____________________________________________________________
Oxford Instruments plc, Old Station Way, Eynsham, Witney,
Oxon, OX8 1TL, UK. Tel: +44 (0)1865 881437, Fax: +44 (0)1865 881944
http://www.oxford-instruments.com/    We have a 5M email size limit

Unless stated above to be non-confidential, this E-mail and any
attachments are private and confidential and are for the addressee
only and may not be used, copied or disclosed save to the addressee.
If you have received this E-mail in error please notify us upon receipt
and delete it from your records. Internet communications are not secure
and Oxford Instruments is not responsible for their abuse by third
parties nor for any alteration or corruption in transmission.
____________________________________________________________



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] problem to block cyberdildonics sex sites?
Next by Date: [FW1] SecuRemote and Firewall problem- HELP!!
Prev by thread: [FW1] Inconsistency on interfaces
Next by thread: [FW1] SecuRemote and Firewall problem- HELP!!
Index(es):
- Date
- Thread