- Posts: 7
- Thank you received: 0
Why can't i get authenticated through ISA 2004
- YemenDomain
- Topic Author
- Offline
- New Member
-
Less
More
18 years 3 months ago #16252
by YemenDomain
B.Sc (Computer science),
Passed: 270-70 & 270-90
working on: 270-91 & CCNA
********Never hisitate asking. Not everyone knows. Seek Learning*********
Why can't i get authenticated through ISA 2004 was created by YemenDomain
Hi Guys,
I am not sure if i can make a theory out of what is happining with me. ISA 2004 is strange when it is a member of a domain. So what i did, i removed it from the domain and made it an independent server only proxy, firewall and cache server. and guys it is very nice now. but when it comes to authentication i a facing a problem. domain members are unable to browse as users are not created in the ISA server. Is there a way i can import the active directory users and groups data base into the ISA server. ?????
yours,
Please help (The YemenDomain)
I am not sure if i can make a theory out of what is happining with me. ISA 2004 is strange when it is a member of a domain. So what i did, i removed it from the domain and made it an independent server only proxy, firewall and cache server. and guys it is very nice now. but when it comes to authentication i a facing a problem. domain members are unable to browse as users are not created in the ISA server. Is there a way i can import the active directory users and groups data base into the ISA server. ?????
yours,
Please help (The YemenDomain)
B.Sc (Computer science),
Passed: 270-70 & 270-90
working on: 270-91 & CCNA
********Never hisitate asking. Not everyone knows. Seek Learning*********
18 years 3 months ago #16253
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Why can't i get authenticated through ISA 2004
Hi there,
Can you give more details of the issues you had when putting ISA Server into the domain. There has been a lot of topics regarding Standalone\Domain Membership and ISA Server. The older approach was that a Firewall should not be a member of a domain incase it is compromised. The newer way of thinking is that it should be a member of the domain in order to enhance the functionality of ISA 2004; see This Link for more on the subject.
Therefore, if you can give more details on the issues you have had with the domain membership it may be worth trying to get this working so you are not managing two seperate accounts (Domain Logon and Internet Access).
Another thing would be, do you use Internet Filtering ? Or are you thinking about it. I know the Websense product (which i must say is an excellent product for Internet Filtering) has an agent the will intercept the domain account information and then use its own service then to connect to a domain controller and enumerate groups, etc... for the authentication portion. This may be another way forward as you don't need to make the ISA Server part of the domain but you can still query your Active Directory (Read only) to enumerate account details.
Cheers
Wayne
Can you give more details of the issues you had when putting ISA Server into the domain. There has been a lot of topics regarding Standalone\Domain Membership and ISA Server. The older approach was that a Firewall should not be a member of a domain incase it is compromised. The newer way of thinking is that it should be a member of the domain in order to enhance the functionality of ISA 2004; see This Link for more on the subject.
Therefore, if you can give more details on the issues you have had with the domain membership it may be worth trying to get this working so you are not managing two seperate accounts (Domain Logon and Internet Access).
Another thing would be, do you use Internet Filtering ? Or are you thinking about it. I know the Websense product (which i must say is an excellent product for Internet Filtering) has an agent the will intercept the domain account information and then use its own service then to connect to a domain controller and enumerate groups, etc... for the authentication portion. This may be another way forward as you don't need to make the ISA Server part of the domain but you can still query your Active Directory (Read only) to enumerate account details.
Cheers
Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.113 seconds