Troubleshooting guide

Chapter 8 Troubleshooting LDAP Servers and the AMC Known configuration problems
Advanced Technical Reference Guide 4.1 June 2000 85
AMC Property: GroupRequiresMember=TRUE
Meaning: This variable is set to FALSE by default, and groups are created without members when they are defined. However, some servers force the groupOfNames type by disallowing empty groups. Setting this variable to TRUE will create the group with a dummy member.

AMC Property: UserDefaultOC= person | organizationalPerson | inetOrgPerson | fw1person
Meaning: On some servers, there may be problems with these values. When creating a new user object, the objectclass types will be taken from this variable. Also, when editing an existing user (any subset will be considered as user), all the missing objectclasses will be added. However, they will be added while editing only if AddUserDefaultOC is TRUE.

AMC Property: AddUserDefaultOC=TRUE
Meaning: This variable tells the AMC whether to add the default objectclasses to any user object being edited. On some servers (e.g. NDS) the objectclass cannot be changed while editing.

To get the defaults, you need to delete the old AMC.properties file, since there is still no update mechanism
for this file. The AMC creates an AMC.properties file with the default values if it cannot find it.
More Information
For more information about Account Management Client, see the Check Point Account Management Version
1.1 User Guide.
VPN-1/FireWall-1 LDAP Server Communication
To secure the communication between VPN-1/FireWall-1, an AMC and an LDAP Server, you can choose
between three alternatives:
- If the LDAP Server is SSL-enabled, VPN-1/FireWall-1 and the AMC can use SSL to communicate with the LDAP Server.
- Use a VPN for the communication.
- Put the LDAP Server inside a network protected by VPN-1/FireWall-1.
Note – The VPN-1/FireWall-1 User Database always has priority over the Account Unit. It is recommended that
you define the network and system administrators as VPN-1/FireWall-1 users, so that they will always be able
to log in to the VPN-1/FireWall-1 Management Station, even if the LDAP connection is down.
Known configuration problems
Problem: Account Management Client Authentication Error, while launching the AMC from the
policy editor.
When system administrators try to view the contents that were entered in the AMC and in the LDAP Server,
they may receive an authentication error regarding the administration server. This error means the Netscape
LDAP Server has not been set up completely.
Solution:
1. Enter the directory manager’s password in the SuiteSpot settings.