ISA Clients, authentication no domain

microsoft.public.isa.clients - Microsoft Internet Security and Acceleration


ISA Clients >> authentication no domain

by nico » Mon, 02 Mar 2009 18:32:49 GMT

Hello,

i have 1 isa 2006 on a win2003server installed.
on that isa i have 3 nic's , one for the internet, one for a student
network and one for adminisration network

sutdent network and administration network have there own seperate domain
and use AD with win2003

All the internet traffic goes via the isa, and i want the users to auto
authenticate so i can see in the reports who does what.
Is this possible for the two seperate domains users, when isa isa not part
of any of the two domains? and how?

regards,
N.


Top

ISA Clients >> authentication no domain

by Phillip Windell » Tue, 03 Mar 2009 00:27:09 GMT



Not it is not possible.

Using two domains in this manner for this reason is a bad
design,...partially due to the managability problem you now experience.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436 (TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433 (TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
Top
Similar Threads

1. de hm domain domain registrierung by domain who is com domain eu domain registrierung

2. Non-domain joined Vista Clients cannot get through ISA 2004 with authentication enabled 

I have a network with ISA 2004 as the proxy server.  I have
authentication (basic, integrated) required on the ISA server.  I
cannot find a way to enable non-domained joined Vista clients (wired
or wireless) to browse to the internet with IE 7.  The non-domain
joined Vista workstation can browse to local server resources
(authentication prompt if necessary).  When trying to browser the
internet there is no login prompt like there is with XP, the
connection simply fails.  I've manually configured the proxy in IE,
and have WPAD set up in DNS, and have tried both with and without the
ISA client.  I've tried many IE configuration parameters and
configurations, but may have missed a key step.

If I turn off ISA authentication (and not joining the domain), the
clients can get through perfectly fine.  When I domain join the Vista
system, IE connects just fine.

Having non-domained joined Vista clients isn't our "norm", but
regularly happens when we have visitors.

Is there a IE configuration procedure I can provde them, or an ISA
policy that will fix the problem?

Thanks!

3. Disabled "Digest Authentication for Windows Domain Servers" control

4. LDAP/AD authentication for access rule, multiply domains case 

Hi,

Is it possible for ISA 2006,  to authenticate outgoing requests from 
internal network to the Internet, while internal nework contains more than 1 
Active Directory domain? Like ISA does it in publishing rule using multiply 
LDAP servers. I see that it's impossible to use LDAP authenticated users in 
access rule.

Any help will be greatly appreciated,
Mark Kaplan

5. VPN authentication with domain trust

6. VPN Domain authentication on ISA 2006 

I have this sporadic problem with PPTP VPN on ISA 2006.  Users are
connecting in via VPN and authenticating directly to the domain but
there are sporadic times when users get 'user/password invalid' errors
and cannot connect.  There does not seem to be any pattern to it, it
just randomly occurs and then goes away after awhile.  I see nothing
in the logs etc which tell me what the issue might be, except for just
'user XX did not authenticate' etc.  Has anyone else had this trouble
or seen this same behavior?

7. Domain authentication - VPN on ISA

8. Authentication Certificate for Workgroup Array for CSS in Domain 

I am setting up an array of ISA 2006 Ent. Servers (2) in Workgroup 
Configuration (in DMZ).  The CSS is in the domain behind firewall.
On an Enterprise CA on a W2k3 Std. Server I create the authentication 
certificate successfully but when I try to save a copy with the Certificate 
Export Wizard I do not get the option to save it in PKCS#12 (pfx) format 
which is what ISA Server requires.
Please advice.

Following are the certificate request file parameters
_________________________________________________________________________
[Version]

Signature="$Windows NT$"

[NewRequest]

Subject = "CN=name.domain.com"

KeySpec = 1

KeyLength = 2048

Exportable = YES

MachineKeySet = TRUE

SMIME = False

PrivateKeyArchive = FALSE

UserProtected = FALSE

UseExistingKeySet = FALSE

ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

ProviderType = 12

RequestType = PKCS10

KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1
__________________________________________