LDAP Authentication in Watchguard Firebox
The Watchguard Firebox X50 (X15 if not upgraded) can support user authentication if you require it. For this setup I’m using and have:
Having added our users, next we will move on to the Watchguard Firebox. In the Watchguard Firebox X50 click on “Firebox Users” on the left-hand side, then click on “Configure”. There are a few options in the “Firebox User Access Restriction Enforcement and Options” section that need to be enabled (the others are user preference). Make sure “Require user authentication (enable local user accounts).” and “Automatically prompt for login on Web access.” are both enabled.

Under “LDAP Authentication Service”, in the “Domain Name” box enter the Pre-2000 (NetBIOS) domain name. I tried lan.johndball.com, johndball.com and all sorts of other combinations before I realized that the Pre-2000 domain name is what it was asking for. Next select “Active Directory” in the drop-down menu. Enter your AD server IP address. Specify “389” for the LDAP server port. I selected “10 Seconds” for the LDAP timeout. And now for the search string: since my Organizational Unit is ADU, my search string is “ou=adu,dc=lan,dc=johndball,dc=com” (without the quotes).
Once the information is entered for YOUR specifications press the “Test LDAP Account” button. If you have a pop-up blocker you will need to allow pop-ups as this opens a new window.
If you receive an error message, the most common cause is that you did not enter the Pre-2000 domain name before the user account. Example: Pre2000\UserName

Once you have corrected the error (if there was one) then test the account (again) and you should receive positive test results.

Close the test window and hit the “Submit” button one more time (just to make sure you have saved your settings). REBOOT your Firebox and then try to access the web. A window should appear requesting a user name and password. You might receive a warning that the certificate is invalid; this should be safe for you to click “OK” and continue, but check the certificate out first.

Enter your username (Pre2000 Domain Name\UserName) and password, then click “OK”.

If everything authenticates properly then you will be redirected to the requested webpage! :->

My bud Blaize wrote a logon page for the authentication and I’ll get him to upload those instructions on his website when he has time. It is much nicer than the built in web stuff on the Firebox.
*Two things to remember:
1) I taught myself how to do this. There may be some security measures that I have overlooked because I taught myself. Please have your security team/group/analyst review the security settings on your system before deploying this for regular use. If there is a breach or problem caused by following these instructions I’m not responsible!
2) I blacked out information that I deemed sensitive (IP addresses, usernames).


http://pressposts.com/Personal/LDAP-Authentication-in-Watchguard-Firebox/
Submitted post on PressPosts.com – “LDAP Authentication in Watchguard Firebox”
PressPosts / User / kourinthellama / Submitted said this on July 24th, 2007 at 21:30