ISA Clients, ISA2004 - User authentication problem!!!

microsoft.public.isa.clients - Microsoft Internet Security and Acceleration


ISA Clients >> ISA2004 - User authentication problem!!!

by Leonard » Thu, 04 May 2006 22:34:19 GMT

We're currently testing ISA server with AD to authenticate students in our
computer labs.

Everything seems to be working fine. When the student opens up internet
explorer
the credentials dialog pops up and ask for the student's credentials as we
want
it.

My problem is that when I go into Active Directory and say that the user
must change his password on the next logon , the client doesn't authenticate
anymore, with the next attempt the domain is filled in with the local
computername.
eg :

login : user1
password : ***

automatically becomes
login : pc-34\user1
password ***
which is very weird ???

after 3 retries ISA server returns the familiar error code 12209 page.

Is there a way for ISA server to come up with a dialog box for the user
to change his password instead of just not authenticating ?

If not, is there any other way to get this sort of functionality ?
If in any way possible we need our student to be able to change their own
passwords when
needed even if it means installing another client for this purpose

In the past our university used novell using the novell bordermanager and
clienttrust
without problems. What must I do on ISAServer to get the same functionality
?

Also how would I make sure that the same student dont login more than once
on
different pc or labs for that matter ? We cant have student john logging in
all
his friends on his student name everywhere he goes, can we ?

Any advice/help is greatly appreciated :)



Top

ISA Clients >> ISA2004 - User authentication problem!!!

by Jim Harrison (MSFT) » Wed, 17 May 2006 09:04:30 GMT


ISA has no idea that the user needs to change the password.
All ISA gets from the DC for the auth request is "logon failed".

--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.


We're currently testing ISA server with AD to authenticate students in our
computer labs.

Everything seems to be working fine. When the student opens up internet
explorer
the credentials dialog pops up and ask for the student's credentials as we
want
it.

My problem is that when I go into Active Directory and say that the user
must change his password on the next logon , the client doesn't authenticate
anymore, with the next attempt the domain is filled in with the local
computername.
eg :

login : user1
password : ***

automatically becomes
login : pc-34\user1
password ***
which is very weird ???

after 3 retries ISA server returns the familiar error code 12209 page.

Is there a way for ISA server to come up with a dialog box for the user
to change his password instead of just not authenticating ?

If not, is there any other way to get this sort of functionality ?
If in any way possible we need our student to be able to change their own
passwords when
needed even if it means installing another client for this purpose

In the past our university used novell using the novell bordermanager and
clienttrust
without problems. What must I do on ISAServer to get the same functionality
?

Also how would I make sure that the same student dont login more than once
on
different pc or labs for that matter ? We cant have student john logging in
all
his friends on his student name everywhere he goes, can we ?

Any advice/help is greatly appreciated :)
Top

ISA Clients >> ISA2004 - User authentication problem!!!

by ZGl2YWthcnRhbmRvbg » Mon, 22 May 2006 23:23:02 GMT

When user change the password, ask them to relogin in the computer and then
see it should work.
Yes you can make the user to login once but that can be done computer base.

Thanks and Regards
Divakar Tandon
Top
Similar Threads

1. ISA2004 having problems with JAVA sites and authentication 

Setup includes ISA2004, Win2003 servers, firewall clients installed.
I have made a change to a rule "allow traffic to the internet".
I set to "authenticated users" to enable control over logging and internet 
access.
Previous config was allow "all users" to the internet. But all loggin showed 
up as "anonomous".
All is working, except when a user access's a JAVA site, they are prompted 
for username and password "NTLM".
I have created another rule a url set to allow "all users" to certain java 
sites I am having problems with and this is fixing the problem, but you can 
imagine the overhead needed to address all the sites affected.
There has to be some way to allow users to java sites that is not preventing 
authentication?
Any help would be appreciated as the only option I can think of is to roll 
back the rull to allow all users to the internet, removing authentication for 
everyone.

Thanks,

D

2. Authentication problem user ->ISA->ISA PROXY - ISA Server

3. Problem with ISA 2004 and user authentication 

Hi,

The problem is,,,by ISA firewall policy...it only allows users in the
"Internet_Users" group to be able to browse the Internet.

Yesterday; I put a new user to that group and test browsing the
Internet using his user credential (already logoff/logon)...but the
authorization failed, he couldn't go out to the Internet. The company
has 2 DCs on a different sites so I did a push replication. After that
I tested again but the result was the same. Then I gave up and used
another user account that already has Internet access right.

I tried again today with the same user account but this time is
different...the account's already got an Internet access.

So why of the delay? How can I make the change affective immediately
after I put the user account into the allowed group?


Thank you very much,
Tom

4. ISA server 2004 user authentication problem

5. IE Authentication dialog showed in ISA2000 but will not in ISA2004 

We are upgrading from ISA 2000 to ISA 2004.  At Fire Stations, PCs are 
configured with a generic login.  The generic login does not have permissions 
to access the internet.  On ISA 2000 this is controlled by a protocol rule 
that pplies Toan Active directory security group.  Further under ISA 
server properties/Outgoing Web Requests the sk unauthenticated users for 
identificationcheck box is checked.  The web proxy ISA client is used.

When a user at a Fire Station starts IE an authentication dialog box appears 
and they are able to enter their own login account details (that is in the 
approved group) and then they can access the internet and web sites they 
visit are tracked to their account.

Now with ISA 2004 this process is not working.

We have setup an access rule that is conditional on the user being in the 
same group as above (by creating a new ser setand adding it to the 
serspage of the access rule).  We are still using the web proxy ISA 
client.

However, access to the internet is blocked and no dialog appears.  Further, 
if we login to the PC using an account in the approved group, access to the 
internet is still blocked.  The only way we can get access using the web 
proxy client is to add the ll Usersuser set to the Users page.  This is 
behavior that we would expect with the Secure NAT client but should not occur 
with the web proxy client.

We have experimented with the firewall client.  The firewall client 
authenticates correctly (if we login using an account in the approved group 
then we can browse the internet).  However, still there is no IE 
authentication dialog if we login using the generic unapproved account.  We 
are simply blocked in that case.

We have tried various authentication methods offered by the Web Proxy page 
on the Internal Network properties form.  We tried the different options both 
for the web proxy client and the firewall client.  None of the combinations 
produced an IE authentication form.

How can we get the authentication functionality that we have in ISA 2000 to 
work in ISA 2004? 

Thanks
  Jon

6. ISA2004 and Web Proxy Client Authentication - ISA Configuration

7. OWA Forms-based Authentication in ISA2004 

Hi all,
Does anyone know if there is a way to modify the standard web OWA
Forms-based Authentication page.

Since the language is in english, I would like to change it. I would also
like to change it so I can use if for other web logons!

Bjn

8. Skype and ISA2004 w/authentication - ISA Server