List: ngw
Subject: Re: [ngw] Need advice on GW authentication
From: "Matt Weisberg" <matt () weisberg ! net>
Date: 2008-08-28 0:00:02
Message-ID: 48B5B24202000099000896E5 () ssrights ! com
You have to understand the screwy way that Microsoft's CA works and how to activate
LDAP over SSL. It DEFINITELY works, but it was tricky to make work.

Let me know off list which engineer you were working with and I'll let them know
(SR # would help too).
Matt
--
-----
Matt Weisberg
Weisberg Consulting, Inc.
matt@weisberg.net
www.weisberg.net
ofc. 248.685.1970
cell 248.705.1950
fax 248.769.5963
> > > On 8/27/2008 at 3:04 PM, in message <48B56CE4.05E4.002E.0@mmc.org>, "Paul Caron" <CARONP@mmc.org> wrote:
> You should contact Novell about this - they can't get this working anywhere
> and have thrown their hands up. We've resolved internally to use LDAP
> against our META tree instead of our AD setup.
>
> Paul Caron, CNE, MCSE
> Messaging Architect
> Maine Medical Center
> caronp@mmc.org
> 207-662-6666
>
>
> The Red Green Show quotes
>
> "If it ain't broke, don't lend it."
>
> "If women don't find you handsome, they should at least find you handy!"
>
>
> > > > On 8/27/2008 at 11:01 AM, "Matt Weisberg" <matt@weisberg.net> wrote:
>
> I have set up GW to authenticate via LDAP over SSL to AD in my lab, it
> works just fine. I am using a Windows 2003 R2 server.
>
> -----
> Matt Weisberg
> Weisberg Consulting, Inc.
> matt@weisberg.net
> www.weisberg.net
> ofc. 248.685.1970
> cell 248.705.1950
> fax 248.769.5963
>
>
>
>
> > > > On 8/27/2008 at 10:02 AM, in message <48B5263E.05E4.002E.0@mmc.org>, "Paul Caron" <CARONP@mmc.org> wrote:
> > You mention that Groupwise will NOT authenticate via SSL into Windows Server
> > 2003 or higher - is there documentation to this effect? I'm thinking about
> > migrating my GroupWise servers from NetWare to Windows (not Linux, as there
> > are few Linux admins in our department, compared to Windows admins). We
> > currently authenticate with LDAP to Edir for most POAs, but one of them
> > authenticates to AD. Additionally, we're looking to enable and use SSL
> > everywhere to satisfy our IS security staff.
> >
> > Appreciate any feedback you can give me and the list.
> >
> > Paul Caron, CNE, MCSE
> > Messaging Architect
> > Maine Medical Center
> > caronp@mmc.org
> > 207-662-6666
> >
> >
> > The Red Green Show quotes
> >
> > "If it ain't broke, don't lend it."
> >
> > "If women don't find you handsome, they should at least find you handy!"
> >
> >
> > > > > On 8/26/2008 at 1:16 PM, "Jim Gosney" <jgosney@genesco.com> wrote:
> >
> > Tony, we just went through this same thing over the past few weeks. We
> > have Groupwise running on Netware but have modified it to log in via LDAP to
> > Active Directory.
> >
> > The short answers:
> >
> > Yes, you can authenticate into A/D so that your users don't have to remember
> > any Groupwise passwords -- they just use their A/D Windows password.
> >
> > The drawback, the LDAP authentication is plain text, meaning your A/D
> > passwords are zooming across your network for anyone to read with a sniffer,
> > unless you turn on SSL. HOWEVER, Groupwise will NOT authenticate via SSL
> > into Windows Server 2003 or higher. If you have Windows Server 2000 or lower
> > for your LDAP server, you'll be ok.
> >
> > We have 2003 for our Windows server so we ended up putting dual nics in both
> > the GW PO servers and the Windows LDAP servers and segmented them off onto
> > their own network via a VLAN so that all the LDAP traffic between the two
> > sets of servers is kept off our main network and remains hidden and secure.
> >
> > jim
> >
> >
> >
> >
> > ~+~^~+~^~+~^~+~^~+~^~+~^~+~^
> > Jim Gosney
> > Linux/Groupwise Engineer
> > Genesco, Inc.
> > Nashville, TN
> > 615-367-7850
> >
> >
> >
> >
> >
> >
> >
> >
> > > > > On Tue, Aug 26, 2008 at 12:02 PM, Tony Minhas <tonym@ryerson.ca> wrote:
> >
> > Hi all
> >
> >
> > I am looking for some advice/guidance. We are running NW 6.5 servers with GW
> > 7. We are primarily Iplanet LDAP aware for most if not all services on campus
> > for other services or we feed our Active Directory for add/changes etc for
> > file/print sharing access. Novell is only here for GW and no other services.
> > All GW changes are manually done (adds/changes/expires etc). GW login
> > credentials are independent of AD/ Iplanet LDAP. So my management wants to
> > see if GW can either authenticate to Iplanet's LDAP or at least be fed
> > information for user changes (ie. expiry/enable account etc)...Any thoughts
> > on what I can start looking into? tx
> >
> >
> > Tony
> >
> > CONFIDENTIALITY NOTICE: This email message, including any attachments, is
> > for the use of the intended recipient(s) only and may contain information
> > that is privileged, confidential, and prohibited from unauthorized disclosure
> > under applicable law. If you are not the intended recipient of this message,
> > any dissemination, distribution, or copying of this message is strictly
> > prohibited. If you received this message in error, please notify the sender
> > by reply email and destroy all copies of the original message and
> > attachments.
>
>
> --
> Visit http://www.ngwlist.com for help unsubscribing
--
Visit http://www.ngwlist.com for help unsubscribing