[FW1] CheckPoint FireWall-1 Possible Authentication Bug?
I am using external TACACS+ authentication with two defined groups (Group1 and Group2). Group1 contains a single locally defined user (User1) while Group2 contains a single user *generic.

GROUP1    USER1
GROUP2    *generic

User1 is also defined in the external TACACS+ authentication database that is accessed by default using the *generic user. Group2 rules correctly authenticate the User1 name against the external database without issue using the *generic user entry.

Things are fine and authentication works perfectly until... I added User1 into Group2 in addition to the *generic mapping. Installed rulebase. Removed User1. Installed rulebase.

Now any rules defined with Group2 will not work unless User1 is physically placed into Group2 or I completely delete User1 from the local firewall user database. User1 is no longer processed by the *generic user entry and it appears to remember that User1 was removed from Group2?

I tried restarting the firewall with no luck.