Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Autentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Autentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Autentication - 22.Apr.2004 9:47:00 AM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hello,
I installed ISA 2004. Use 3EDGE template. My users connected to Internet without problem...but when i checked Authentication in Network/Internal/WebProxy they cannot connect to Internet with 407 error. I used Integrated and Basic Authentication. What i could doing ?

Sergey
Post #: 1
RE: Autentication - 22.Apr.2004 10:05:00 PM   
penrose.l@2college.nl

 

Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline 		so you checked "Ask unauthenticated users to authenticate" ?
some Q:

- clients running firewall client ?
- are you SURE you have basic authentication enabled ?
- what firewall rules did you set on the ISA 2k4 ?

you could try to disable 'basic authentication' because integrated authentication should be good for users that can access your ISA server.

please run a logging ( under logging -> start query ) then try to browse the net with a client.
After client gets error , view the logs.
What do they say ?

Kind regards,
Lex P.

(in reply to TheHunterMan)
Post #: 2
RE: Autentication - 23.Apr.2004 12:50:00 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hey guys,

I strongly recommend against using the templates and create your own rules. Beginners don't understand the policies created by the templates, the route relationships and the network types. This gets them mixed up and they can't explain what rules are in place [Frown]

So, the first thing I would check is what access rules you have in place and take it from there.

HTH,
Tom

(in reply to TheHunterMan)
Post #: 3
RE: Autentication - 23.Apr.2004 10:16:00 AM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom,
Thanks for you reply.
I reinstall ISA 2004 without Template. I create only one rule: Action:Allow; Protocols: HTTP, HTTPS, POP3, SMTP; From: Internal; To: External; All USERS ( default ). After it i checked WebProxy integrated authentication in Network/internal. And my users can't to connect Internet. They received 407 error.

Sergey

(in reply to TheHunterMan)
Post #: 4
RE: Autentication - 23.Apr.2004 10:23:00 AM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom.
This is my rule configuration:
<?xml version="1.0" encoding="UTF-8"?>
<fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/fpc/config-4-beta1-preview" xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">
<fpc4:Build dt:dt="string">4.0.1872.0</fpc4:Build>
<fpc4:Comment dt:dt="string"/>
<fpc4:Edition dt:dt="int">81</fpc4:Edition>
<fpc4:ExportItemClassCLSID dt:dt="string">{59740B3A-8771-492C-AF59-7764F4F939EF}</fpc4:ExportItemClassCLSID>
<fpc4:ExportItemStorageName dt:dt="string">{5197A470-B58B-4872-B5D7-90512212D816}</fpc4:ExportItemStorageName>
<fpc4:OptionalData dt:dt="int">4</fpc4:OptionalData>
<fpc4:Arrays StorageName="Arrays" StorageType="0">
<fpc4:Array StorageName="{C7AA2ED2-D338-4E31-9D9E-B3F777518473}" StorageType="0">
<fpc4:Components dt:dt="int">255</fpc4:Components>
<fpc4:Name dt:dt="string"/>
<fpc4:ArrayPolicy StorageName="ArrayPolicy" StorageType="0">
<fpc4:Name dt:dt="string"/>
<fpc4:PolicyRules StorageName="PolicyRules" StorageType="0">
<fpc4:PolicyRule StorageName="{5197A470-B58B-4872-B5D7-90512212D816}" StorageType="1">
<fpc4:Enabled dt:dt="boolean">1</fpc4:Enabled>
<fpc4:Name dt:dt="string">Access to WEB</fpc4:Name>
<fpc4:Order dt:dt="bin.hex">16fcffff0100000030904aa30329c401</fpc4:Order>
<fpc4:SelectionIPs StorageName="SourceSelectionIPs" StorageType="1">
<fpc4:Refs StorageName="Networks" StorageType="1">
<fpc4:Ref StorageName="{2B316482-D172-4257-A2EC-8E4C569EE36E}" StorageType="1">
<fpc4:Name dt:dt="string">{4E32B556-0FAF-4A27-9111-085F679EDC9B}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCNetwork</fpc4:RefClass>
</fpc4:Ref>
</fpc4:Refs>
<fpc4:Refs StorageName="NetworkSets" StorageType="1"/>
<fpc4:Refs StorageName="Computers" StorageType="1"/>
<fpc4:Refs StorageName="AddressRanges" StorageType="1"/>
<fpc4:Refs StorageName="Subnets" StorageType="1"/>
<fpc4:Refs StorageName="ComputerSets" StorageType="1"/>
</fpc4:SelectionIPs>
<fpc4:AccessProperties StorageName="AccessProperties" StorageType="1">
<fpc4:ProtocolSelectionMethod dt:dt="int">1</fpc4:ProtocolSelectionMethod>
<fpc4:SelectionIPs StorageName="DestinationSelectionIPs" StorageType="1">
<fpc4:Refs StorageName="Networks" StorageType="1">
<fpc4:Ref StorageName="{80F59E73-DDA2-415E-8A03-1D18F2719819}" StorageType="1">
<fpc4:Name dt:dt="string">{F129EACF-778B-44FE-B339-5B752D7220A3}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCNetwork</fpc4:RefClass>
</fpc4:Ref>
</fpc4:Refs>
<fpc4:Refs StorageName="NetworkSets" StorageType="1"/>
<fpc4:Refs StorageName="Computers" StorageType="1"/>
<fpc4:Refs StorageName="AddressRanges" StorageType="1"/>
<fpc4:Refs StorageName="Subnets" StorageType="1"/>
<fpc4:Refs StorageName="ComputerSets" StorageType="1"/>
</fpc4:SelectionIPs>
<fpc4:Refs StorageName="DestinationDomainNameSets" StorageType="1"/>
<fpc4:Refs StorageName="ProtocolsUsed" StorageType="1">
<fpc4:Ref StorageName="{0615411B-4BA4-4525-B743-01F7427CAA86}" StorageType="1">
<fpc4:Name dt:dt="string">{df6cabc0-d4a3-11d2-bbc4-00a0c9d785a6}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCProtocol</fpc4:RefClass>
</fpc4:Ref>
<fpc4:Ref StorageName="{B43E3BDA-9371-4E35-B51A-D538A1373384}" StorageType="1">
<fpc4:Name dt:dt="string">{fe3e20d0-d4a3-11d2-bbc4-00a0c9d785a6}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCProtocol</fpc4:RefClass>
</fpc4:Ref>
<fpc4:Ref StorageName="{EF7BCB2D-AE95-4952-B5B3-7981F4BD38C1}" StorageType="1">
<fpc4:Name dt:dt="string">{0584fbe0-d4a5-11d2-bbc4-00a0c9d785a6}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCProtocol</fpc4:RefClass>
</fpc4:Ref>
<fpc4:Ref StorageName="{F577C610-B905-4B2E-947E-58FBD15B1470}" StorageType="1">
<fpc4:Name dt:dt="string">{57cf0ac0-d4a5-11d2-bbc4-00a0c9d785a6}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCProtocol</fpc4:RefClass>
</fpc4:Ref>
</fpc4:Refs>
<fpc4:Refs StorageName="ContentTypeSetsUsed" StorageType="1"/>
<fpc4:Refs StorageName="URLSet" StorageType="1"/>
<fpc4:Refs StorageName="UserSets" StorageType="1">
<fpc4:Ref StorageName="{34F366A1-01FC-4E52-A21E-44796C7AE8CC}" StorageType="1">
<fpc4:Name dt:dt="string">{DFFB7833-9365-4184-AABC-7CAFB018A7FA}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCUserSet</fpc4:RefClass>
</fpc4:Ref>
</fpc4:Refs>
</fpc4:AccessProperties>
</fpc4:PolicyRule>
</fpc4:PolicyRules>
</fpc4:ArrayPolicy>
<fpc4:NetConfig StorageName="NetConfig" StorageType="0">
<fpc4:Networks StorageName="Networks" StorageType="0">
<fpc4:Network StorageName="{4E32B556-0FAF-4A27-9111-085F679EDC9B}" StorageType="2">
<fpc4:Description dt:dt="string">The internal network</fpc4:Description>
<fpc4:EnableFirewallClients dt:dt="boolean">1</fpc4:EnableFirewallClients>
<fpc4:EnableWebProxyClients dt:dt="boolean">1</fpc4:EnableWebProxyClients>
<fpc4:Name dt:dt="string">Internal</fpc4:Name>
<fpc4:NetworkType dt:dt="int">4</fpc4:NetworkType>
<fpc4:IpRangeSet StorageName="IpRangeSet" StorageType="2">
<fpc4:IpRangeEntry StorageName="{56C7BA15-78F3-44ED-845E-2EE7B8D6073C}" StorageType="2">
<fpc4:IPFrom dt:dt="string">10.0.0.0</fpc4:IPFrom>
<fpc4:IPTo dt:dt="string">10.255.255.255</fpc4:IPTo>
</fpc4:IpRangeEntry>
<fpc4:IpRangeEntry StorageName="{DF914D0C-6EF4-47C3-A50F-982AAA59C900}" StorageType="2">
<fpc4:IPFrom dt:dt="string">169.254.0.0</fpc4:IPFrom>
<fpc4:IPTo dt:dt="string">169.254.255.255</fpc4:IPTo>
</fpc4:IpRangeEntry>
<fpc4:IpRangeEntry StorageName="{48C166FF-6C2A-4A4B-BF91-6DA105193EDC}" StorageType="2">
<fpc4:IPFrom dt:dt="string">172.16.0.0</fpc4:IPFrom>
<fpc4:IPTo dt:dt="string">172.31.255.255</fpc4:IPTo>
</fpc4:IpRangeEntry>
<fpc4:IpRangeEntry StorageName="{AC2C43D7-2CC6-4AD3-AB38-3F683BD5AC16}" StorageType="2">
<fpc4:IPFrom dt:dt="string">192.168.0.0</fpc4:IPFrom>
<fpc4:IPTo dt:dt="string">192.168.255.255</fpc4:IPTo>
</fpc4:IpRangeEntry>
<fpc4:IpRangeEntry StorageName="{EAEA1D96-0D7A-497D-BAD1-9AD41FD7CBC2}" StorageType="2">
<fpc4:IPFrom dt:dt="string">198.59.59.0</fpc4:IPFrom>
<fpc4:IPTo dt:dt="string">198.59.59.255</fpc4:IPTo>
</fpc4:IpRangeEntry>
</fpc4:IpRangeSet>
<fpc4:WebListenerProperties StorageName="WebListenerProperties" StorageType="2">
<fpc4:SSLPort dt:dt="int">0</fpc4:SSLPort>
<fpc4:TCPPort dt:dt="int">8080</fpc4:TCPPort>
<fpc4:Refs StorageName="AuthenticationSchemes" StorageType="2"/>
<fpc4:AppliedSSLCertificates StorageName="AppliedSSLCertificates" StorageType="2"/>
</fpc4:WebListenerProperties>
</fpc4:Network>
<fpc4:Network StorageName="{F129EACF-778B-44FE-B339-5B752D7220A3}" StorageType="2">
<fpc4:Description dt:dt="string">Default network representing the Internet.</fpc4:Description>
<fpc4:Name dt:dt="string">External</fpc4:Name>
<fpc4:NetworkType dt:dt="int">3</fpc4:NetworkType>
<fpc4:WebListenerProperties StorageName="WebListenerProperties" StorageType="2">
<fpc4:SSLPort dt:dt="int">0</fpc4:SSLPort>
<fpc4:TCPPort dt:dt="int">8080</fpc4:TCPPort>
<fpc4:AppliedSSLCertificates StorageName="AppliedSSLCertificates" StorageType="2"/>
</fpc4:WebListenerProperties>
</fpc4:Network>
</fpc4:Networks>
</fpc4:NetConfig>
<fpc4:RuleElements StorageName="RuleElements" StorageType="0">
<fpc4:Protocols StorageName="Protocols" StorageType="0">
<fpc4:Protocol StorageName="{df6cabc0-d4a3-11d2-bbc4-00a0c9d785a6}" StorageType="2">
<fpc4:Components dt:dt="int">255</fpc4:Components>
<fpc4:Description dt:dt="string">Hyper Text Transfer Protocol (HTTP)</fpc4:Description>
<fpc4:Guid dt:dt="string">{df6cabc0-d4a3-11d2-bbc4-00a0c9d785a6}</fpc4:Guid>
<fpc4:Name dt:dt="string">HTTP</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
<fpc4:ProtocolCategory dt:dt="int">322</fpc4:ProtocolCategory>
<fpc4:Refs StorageName="ApplicationFilters" StorageType="2">
<fpc4:Ref StorageName="{154A6C49-1775-4B55-A32A-00FEE4C23759}" StorageType="2">
<fpc4:Name dt:dt="string">{4CB7513E-220E-4C20-815A-B67BAA295FF4}</fpc4:Name>
<fpc4:RefClass dt:dt="string">msFPCProxyPlugin</fpc4:RefClass>
</fpc4:Ref>
</fpc4:Refs>
<fpc4:ProtocolConnections StorageName="PrimaryConnections" StorageType="2">
<fpc4:ProtocolConnection StorageName="{dddcd0e3-871d-4ad4-ba42-9670756017ce}" StorageType="2">
<fpc4:Direction dt:dt="int">1</fpc4:Direction>
<fpc4:PortHigh dt:dt="int">80</fpc4:PortHigh>
<fpc4:PortLow dt:dt="int">80</fpc4:PortLow>
</fpc4:ProtocolConnection>
</fpc4:ProtocolConnections>
</fpc4:Protocol>
<fpc4:Protocol StorageName="{fe3e20d0-d4a3-11d2-bbc4-00a0c9d785a6}" StorageType="2">
<fpc4:Components dt:dt="int">255</fpc4:Components>
<fpc4:Description dt:dt="string">Secure Hyper Text Transfer Protocol</fpc4:Description>
<fpc4:Guid dt:dt="string">{fe3e20d0-d4a3-11d2-bbc4-00a0c9d785a6}</fpc4:Guid>
<fpc4:Name dt:dt="string">HTTPS</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
<fpc4:ProtocolCategory dt:dt="int">258</fpc4:ProtocolCategory>
<fpc4:ProtocolConnections StorageName="PrimaryConnections" StorageType="2">
<fpc4:ProtocolConnection StorageName="{bd967b3b-ea8a-4ccd-ba95-0e473a75ef6d}" StorageType="2">
<fpc4:Direction dt:dt="int">1</fpc4:Direction>
<fpc4:PortHigh dt:dt="int">443</fpc4:PortHigh>
<fpc4:PortLow dt:dt="int">443</fpc4:PortLow>
</fpc4:ProtocolConnection>
</fpc4:ProtocolConnections>
</fpc4:Protocol>
<fpc4:Protocol StorageName="{0584fbe0-d4a5-11d2-bbc4-00a0c9d785a6}" StorageType="2">
<fpc4:Components dt:dt="int">16</fpc4:Components>
<fpc4:Description dt:dt="string">Post Office Protocol v.3</fpc4:Description>
<fpc4:Guid dt:dt="string">{0584fbe0-d4a5-11d2-bbc4-00a0c9d785a6}</fpc4:Guid>
<fpc4:Name dt:dt="string">POP3</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
<fpc4:ProtocolCategory dt:dt="int">10</fpc4:ProtocolCategory>
<fpc4:ProtocolConnections StorageName="PrimaryConnections" StorageType="2">
<fpc4:ProtocolConnection StorageName="{033bc47a-c7f4-4d88-9bd7-5d7b1c877d1d}" StorageType="2">
<fpc4:Direction dt:dt="int">1</fpc4:Direction>
<fpc4:PortHigh dt:dt="int">110</fpc4:PortHigh>
<fpc4:PortLow dt:dt="int">110</fpc4:PortLow>
</fpc4:ProtocolConnection>
</fpc4:ProtocolConnections>
</fpc4:Protocol>
<fpc4:Protocol StorageName="{57cf0ac0-d4a5-11d2-bbc4-00a0c9d785a6}" StorageType="2">
<fpc4:Components dt:dt="int">16</fpc4:Components>
<fpc4:Description dt:dt="string">Simple Mail Transfer Protocol (SMTP)</fpc4:Description>
<fpc4:Guid dt:dt="string">{57cf0ac0-d4a5-11d2-bbc4-00a0c9d785a6}</fpc4:Guid>
<fpc4:Name dt:dt="string">SMTP</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
<fpc4:ProtocolCategory dt:dt="int">10</fpc4:ProtocolCategory>
<fpc4:ProtocolConnections StorageName="PrimaryConnections" StorageType="2">
<fpc4:ProtocolConnection StorageName="{8df1d41c-cdeb-409f-8ba5-25ac0742f706}" StorageType="2">
<fpc4:Direction dt:dt="int">1</fpc4:Direction>
<fpc4:PortHigh dt:dt="int">25</fpc4:PortHigh>
<fpc4:PortLow dt:dt="int">25</fpc4:PortLow>
</fpc4:ProtocolConnection>
</fpc4:ProtocolConnections>
</fpc4:Protocol>
</fpc4:Protocols>
<fpc4:UserSets StorageName="User-Sets" StorageType="0">
<fpc4:UserSet StorageName="{DFFB7833-9365-4184-AABC-7CAFB018A7FA}" StorageType="2">
<fpc4:Name dt:dt="string">All Users</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
</fpc4:UserSet>
</fpc4:UserSets>
</fpc4:RuleElements>
<fpc4:Extensions StorageName="Extensions" StorageType="0">
<fpc4:ProxyPlugins StorageName="Proxy-Plugins" StorageType="0">
<fpc4:ProxyPlugin StorageName="{4CB7513E-220E-4C20-815A-B67BAA295FF4}" StorageType="2">
<fpc4:Description dt:dt="string">Filters HTTP traffic</fpc4:Description>
<fpc4:Enabled dt:dt="boolean">1</fpc4:Enabled>
<fpc4:Guid dt:dt="string">{4CB7513E-220E-4C20-815A-B67BAA295FF4}</fpc4:Guid>
<fpc4:Name dt:dt="string">Web Proxy Filter</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
<fpc4:Vendor dt:dt="string">Microsoft (R) Corporation</fpc4:Vendor>
<fpc4:Version dt:dt="string">4.0</fpc4:Version>
</fpc4:ProxyPlugin>
</fpc4:ProxyPlugins>
</fpc4:Extensions>
</fpc4:Array>
</fpc4:Arrays>
</fpc4:Root>

(in reply to TheHunterMan)
Post #: 5
RE: Autentication - 23.Apr.2004 3:39:00 PM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Sergey,

Can you use the Back Up command to copy your entire config? Then I can use the new ISAinfo tool.

Thanks!
Tom

(in reply to TheHunterMan)
Post #: 6
RE: Autentication - 23.Apr.2004 4:02:00 PM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom. Backup done but he is very big.

How to send it.

Sergey

(in reply to TheHunterMan)
Post #: 7
RE: Autentication - 25.Apr.2004 4:28:00 PM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Sergey,

Zip up the backup .xml file and send it to me at tshinder@isaserver.org

Thanks!
Tom

(in reply to TheHunterMan)
Post #: 8
RE: Autentication - 25.Apr.2004 6:44:00 PM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom.

I send zip file with backup configuration from address s.shevelev@tradering.ru

Sergey

(in reply to TheHunterMan)
Post #: 9
RE: Autentication - 25.Apr.2004 11:48:00 PM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Sergey,

I haven't yet received it.

Try tshinder@hotmail.com and I'll check there.

Thanks!
Tom

(in reply to TheHunterMan)
Post #: 10
RE: Autentication - 26.Apr.2004 7:44:00 AM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom
I send zip file to you

Sergey

(in reply to TheHunterMan)
Post #: 11
RE: Autentication - 26.Apr.2004 12:31:00 PM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Sergey,

I got it, but my file parser won't read it. Are you using beta 2?

Thanks!
Tom

(in reply to TheHunterMan)
Post #: 12
RE: Autentication - 26.Apr.2004 2:06:00 PM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom

Yes. I use beta 2 ISA 2004

Sergey

(in reply to TheHunterMan)
Post #: 13
RE: Autentication - 26.Apr.2004 3:28:00 PM   
penrose.l@2college.nl

 

Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline 		Hey Tom ,

Try moving some of your firewall rules up and down , eventually it will read the file.

This is a bug and I've posted it yesterday on the beta newsgroups.

Kind regards,
Lex P.

(in reply to TheHunterMan)
Post #: 14
RE: Autentication - 27.Apr.2004 5:03:00 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Lex,

I was actually trying to use Jim Harrison's ISAinfo tool for ISA 2004.

Send me a note and I'll forward the files to you -- tshinder@tacteam.net

Thanks!
Tom

(in reply to TheHunterMan)
Post #: 15
RE: Autentication - 29.Apr.2004 6:29:00 AM   
TheHunterMan

 

Posts: 10
Joined: 25.Feb.2004
Status: offline 		Hi Tom,

I send you new backup.xml to your hotmail box.
Could you test it?

Sergey

[ April 29, 2004, 06:29 AM: Message edited by: TheHunterMan ]

(in reply to TheHunterMan)
Post #: 16

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Autentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts