Re: Pix authentication other than ftp,http and telnet

dabiera · ‎01-11-2001

Two networks separated by a firewall. A server is located on the inside interface. Inbound authentication is active on the firewall in coordination with CiscoSecure. Users on the outside network needs to map a shared folder of server first inorder to run an application. The problem is that I need to do an ftp or an http authentication before mapping that folder. Is there a workaround to authenticate the mapping service (Netbios) instead of doing (two-step) ftp/http then mapping?

a-vazquez · ‎01-17-2001

You could use a VPN tunnel to connect your users to the network, then they can login to the Netbios services as usual. That’s probably the easiest and most secure way. You shouldn’t use NetBios across the Internet as a general rule, pretty insecure. If you have to, since NT login is considered pretty secure anyway, make aaa exceptions for the NetBios hosts that need to be connected to and then your users will only get the NetBios login and not have to http, telnet or ftp to open the conduits for those hosts. The PIX won’t ever be running a NetBios authentication daemon. This is Microsoft proprietary technology and I can’t see them licensing that to Cisco.

netadmin · ‎01-18-2001

We had a similar issue last year with NetWare communication and authentication of conduits to NDS. A Cisco security representative responded that neither Novell or Microsoft would share their authentication API's. This leaves three options: use the default telnet, ftp, or http to authenticate your conduit, leave an open conduit (not an option for us), or VPN. If your outside users are coming across the Internet, or any untrusted network, then a VPN is your most secure solution of the three.

ggtop · ‎01-18-2001

If you need to make this simpler for the users,

I recommend a batch file that will ftp in, passing username/password, then quit out. The next step in the batch file would be a net use statement.