We have a similar situation. The solution we found was to use Steel-Belted RADIUS by Funk Software.
It can authenticate against Active Directory, NT4-style domains, its own account list, and an account list in SQL Server.
HTH
Arron
_________________________________________________
Arron King
Network & Systems Administrator
Ohio Dominican College
[email protected]
http:\\www.odc.edu\~kinga
-----Original Message-----
From: Aeon Hale [mailto:[email protected]]
Sent: Wednesday, January 16, 2002 11:36 AM
To: [email protected]
Subject: [FW-1] Domain Controller
Please forgive me for sending the list an "off checkpoint subject" but
I'm hoping somebody here has run into this situation:
DMZ:
contains numerous webservers. Our NT guys want to set up a Domain
Controller on DMZ for centralized authentication. It will NOT sync with
internal Domain Controller.
Question:
We currently have a RADIUS server used for authentication (Check Point
uses this for user, client, session and SecuRemote). I would like to
know if there is a way to have the DMZ domain controller "trust" the
RADIUS server, that way we can cut back on the number of accounts we need
to create?
Without the trust between the DMZ Domain controller and RADIUS, each
user will have to have 3 accounts: One on Internal DC, one on DMZ DC,
and one on RADIUS Server. We're trying to keep it to a minimum, I'm
sure you guys can understand.
Any help would be greatly appreciated.
Thanks,
Aeon Hale
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================