-
March 31st, 2005, 12:08 PM
#1
Senior Member
ISA 2000 Security Client Authentication
Hi all. I've been using an ISA 2000 (+SP2 + FP1) proxy with basic authentication for the machines which are in the network BUT not in the Windows domain.
It's working fine with Internet Explorer since it asks for the credentials with a popup screen.
My problem is that now I have to use an application that requires Microsoft ISA's security client (since it's using a non-standard port). It's working on the machines which are in the domain using integrated authentication, but on the machines which are not in the domain I get an authentication error and it isn't even asking for the credentials.
What should I do to force the clients to authenticate?
Thank you all in advance!
-
March 31st, 2005, 03:14 PM
#2
Why aren't the clients joined to the domain???
Can they be joined??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 1st, 2005, 08:24 AM
#3
Senior Member
Hi, first let me apologize, I made a mistranslation of the name; I meant the Microsoft Firewall Client.
Anyway, regarding your question, it would take really long to explain why they aren't in the domain, but the fact is that they can't join it...
What I tested successfully is to create on both sides (client and server) a user with the same credentials (name and password), but I can't use it because they are using domain accounts + basic authentication to access the internet, and using these local accounts would mean losing the ability to authenticate them with their domain user credentials.
-
April 1st, 2005, 04:16 PM
#4
So...they are in their own domain....????
and they need to use your domain to connect to the internet????
What is the app that needs the firewall client??
What OSes are running the domains??
Are you using AD in either of them??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 4th, 2005, 08:46 AM
#5
Senior Member
They are in their own "workgroups".
This is a "remote backup" app. This app creates a tunnel using one port below 1024 and sends the files to be "backed up", or the differences after the first one, to a server on the internet. (All the data is encrypted, of course.)
Anyway, since I didn't want to use the same account for all and I didn't want to pay the license for another Microsoft ISA Server, what I finally did, and what I'm actually testing at this moment and which appears to be successful, is play with NAT and use a Linux machine with iptables...
I can tell you the details if you're interested. I'm thinking about writing a tutorial, but it's overhead work for me to do it in English...
Thank you!
-
April 4th, 2005, 12:14 PM
#6
It's not the world's best solution, but you could assign static IP addresses to these machines and set up the authentication to be based upon the IP address. I see no other way to get this to work. The ISA client software is based on integrated authentication, so the machine must be part of the domain. Another way might be to put these machines in a separate domain and set up a trust. This way you can use the integrated authentication.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 5th, 2005, 03:19 PM
#7
Junior Member
SecureNAT?
Couldn't you just run these clients as SecureNAT clients with a static IP (and restrict destination based on IP)? Are you wanting to restrict the sites these non-domain computers access?