ISA 2000 Security Client Authentication
Results 1 to 7 of 7

Thread: ISA 2000 Security Client Authentication

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    177

    ISA 2000 Security Client Authentication

    Hi all. I've been using an ISA 2000 (+SP2 + FP1) proxy with basic authentication for the machines which are in the network BUT not in the windows domain.
    It's working fine with Internet Explorer since it asks for the credentials with a popup screen.

    My problem is that now I've to use an application that requires Microsoft ISA's security client (since it's using a non standard port). It's working on the machines which are in the domain using integrated authentication but in the machines which are not in the domain I get an authentication error and it isn't even asking for the credentials.

    What should I do to force the clients to authenticate?

    Thank you all in advance!

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Why arent the clients joined to the domain???

    Can they be joined??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Hi, first let me apologize, I did a misstranslation of the name, I meant the Microsoft Firewall Client.

    Anyway, regarding your question will be really long to explain why they aren't in the domain, but the fact is that they can't join to it...

    What I tested succesfully is to create on both sides (cient and server) a user with the same credentials (name and password) but I can't use it because they are using domain acocounts + basic authentication to acces to internet and using this local accounts will mean loss the ability to authenticate them with their domain user credentials.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    So...they are in there own domain....????

    and they need to use your domain to connect to the internet????

    What is the app that needs the firewall client??

    What oses are running the domains??

    Are you using AD in either of them??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    They are in their own "workgroups".

    This is a "remote backup" app. This app create a tunnel using one port bellow 1024 and sends the files to be "backed up" or the differences after the first one to a server on the internet. (all the data is encrypted of course)

    Anyway, since I didn't want to use the same account for all and I didn't want to pay the license for another Microsoft ISA Server what I finally did and I'm actually testing in this moment, whith that appears to be succesfull, is play with NAT and use a linux machine with iptables...

    I can tell you the details if you're interested in. I'm thinking about to write a tutorial but it's an overhead work for me to do it in english...

    Thank you!

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    It's not the world's best solution but you could assign static ip addresses to these machines and setup the authentication to be based upon the ip address. I see no other way to get this to work. The ISA client software is based on integrated authentication so the machine must be part of the domain. Another way might be to put these machines in a seperate domain and setup a trust. This way you can use the integrated authentication..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Junior Member
    Join Date
    Oct 2002
    Posts
    4

    SecureNAT?

    Couldn't you just run these clients as SecureNAT clients with a static IP (and restrict destination based on IP)? Are you wanting to restrict sites these non domain computers access?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •