Hi,
Our CPPM service ( 6.5.2, soon to be 6.5.3) is configured to proxy accounting info to our Checkpoint firewall appliance. When processing authentication requests I've set CPPM up to send back the inner-tunnel User-Name in the Access-Accept packet so that all accounting records are associated with a real user. Our User-Names are of the form userid@our realm, e.g. fred@york.ac.uk.
The checkpoint appliance is trying to use the user-name attribute to access a corresponding AD account .... which fails because it acctually needs the userid component.
Is there any way I can get CPPM to pass back another attribute that just contains the userid component?
My other option is to proxy accounting to a Freeradius server and get it to process the Accounting packets and proxy them off to checkpoint instead
A