I am attempting to use a WatchGuard Firebox 550e with Fireware XTM 11 to authenticate incoming traffic for RDP access. I have configured the firewall to use my domain controller for Active Directory authentication with a Windows 2000 server farm and added a couple of user accounts to the users list in the firewall, but when I attempt to log on to the authentication page for the firewall, I get "Logon failed". I know that the user names work and that the passwords are correct. I am also certain that I have told it to log on using Active Directory instead of the FireboxDB. I have tried using the username alone, the domain\username, and the email address. I believe that the Search base is correct (DC=mydomainname,DC=com), and I did not change any defaults for sAMAccountName (and I do not recall making any changes to those items when configuring the domain structure). Any assistance would be appreciated.
2
-
Are you not able to log in with the FireboxDB creds either? Have you rebooted the device since making the changes to use AD auth? – DanBig Jan 15 '10 at 16:10
-
I can log on to the device using either the Web based client, or the management software. – RoseofPurple Jan 17 '10 at 23:53
2 Answers
1
A few suggestions:
- Check to see if you have an LDAP authentication test feature in your Firebox firewall, or find out if there are any logs concerning LDAP authentication.
- Check to see if you have any errors related to LDAP or user access in your Windows 2000 server security logs.
You'll need to find where this is actually erroring out (user auth/firewall/server). If logs are not being helpful to you, perhaps tapping the connection with Wireshark in the middle might be helpful.
By the way, what do you mean by: "...and added a couple of user accounts to the users list in the firewall"?
-
>>by the way, what do you mean by: "...and added a couple of user accounts to the users list in the firewall"<< The Firebox has the option to create and manage users on the device, thereby bypassing the AD authentication. My goal is to use group permissions on the domain for access, so having to create additional users on the Firebox and manage additional passwords is not really a viable option for me. I will see if I can locate anything in the logs. Thanks for the suggestions!! – RoseofPurple Jan 17 '10 at 23:56
0
Make sure the clocks on the firewall and the AD box are set from the same source, so they are consistent - that's a common issue.
Tom Newton