• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

FBA to SSL/Kerberos Site collection using ISA in Trusted Forest.

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> FBA to SSL/Kerberos Site collection using ISA in Trusted Forest. Page: [1]
Login
Message << Older Topic   Newer Topic >>
FBA to SSL/Kerberos Site collection using ISA in Truste... - 23.Apr.2009 12:53:07 PM   
woodrowl

 

Posts: 4
Joined: 23.Apr.2009
Status: offline
Publishing SharePoint site https://www.DomainTwo.org.uk located in forest DomainTwo.org.uk

Using a domain intergrated ISA server in the Trusted forest DomainOne.ltd.uk. One way trust.

I've tried to get it working and I'm having a little trouble.

Will ISA in DomainOne.ltd.uk using Forms based authentication and LDAP to DC's in DomainTwo.org.uk work?  I'd expect that a two way trust and AD Integrated Authenticaiton would get things working however that does fly in the face of the setup I've put in.

SharePoint site collection is using Kerberos authentication, the rule is set to Negotiate/NTLM so that should mean that the authentication types are the same.


Any advice would be appreciated guys,
Cheers,
Lee.
Post #: 1
RE: FBA to SSL/Kerberos Site collection using ISA in Tr... - 23.Apr.2009 1:10:25 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi Lee,

Can you explain what works and what doesn't work in detail?

Can you explain the publishing rules and listener setup (especially authentication) you are using?

Bit confused if you are using FBA with Active Directory (Windows) or LDAP...

I assume SharePoint has been fully configured for Kerberos and you are using the correct SPN's in your publishing rules?

Cheers

JJ

P.S. Do we know each other?


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to woodrowl)
Post #: 2
RE: FBA to SSL/Kerberos Site collection using ISA in Tr... - 23.Apr.2009 6:02:39 PM   
woodrowl

 

Posts: 4
Joined: 23.Apr.2009
Status: offline
lol  busted, talked a couple of times but yet to have a pint.  Sure if Richards busy and can't make an up north visit I could give Mr Ferg a call and get a night out sorted.  What's Barry's entertainment budget like?

Pulling hair out over this one, the optimist in me says it can be done. Since I haven't read it yet in black and white from MS's whitepapers then we will push on!

Have more troubleshooting to do basically, just casting a line out for previous experiance.

Would it be a dead end to strip the site collection back to NTLM and try and build from there?  If the ISA servers are domain integrated does that kettle them from using LDAP authentication to other DC's? trusted/trusting or otherwise? 

Tomorrows going to be a bit of a day dedicated to resolving this, if your kicking around the office and have time for a go2meeting session let me know.

(in reply to Jason Jones)
Post #: 3
RE: FBA to SSL/Kerberos Site collection using ISA in Tr... - 24.Apr.2009 5:10:22 AM   
woodrowl

 

Posts: 4
Joined: 23.Apr.2009
Status: offline
Tickbox for ldaps, can now see traffic hitting the DC's in the domain at least, time to put the certificates on the DC's.

Will keep posting with updates of progress.

(in reply to woodrowl)
Post #: 4
RE: FBA to SSL/Kerberos Site collection using ISA in Tr... - 24.Apr.2009 6:54:03 AM   
woodrowl

 

Posts: 4
Joined: 23.Apr.2009
Status: offline
Got it working, thank god!

Might be worth writing up a bit on it.

(in reply to woodrowl)
Post #: 5
RE: FBA to SSL/Kerberos Site collection using ISA in Tr... - 24.Apr.2009 7:53:09 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: woodrowl

lol  busted, talked a couple of times but yet to have a pint.  Sure if Richards busy and can't make an up north visit I could give Mr Ferg a call and get a night out sorted.  What's Barry's entertainment budget like?

Pulling hair out over this one, the optimist in me says it can be done. Since I haven't read it yet in black and white from MS's whitepapers then we will push on!

Have more troubleshooting to do basically, just casting a line out for previous experiance.

Would it be a dead end to strip the site collection back to NTLM and try and build from there?  If the ISA servers are domain integrated does that kettle them from using LDAP authentication to other DC's? trusted/trusting or otherwise? 

Tomorrows going to be a bit of a day dedicated to resolving this, if your kicking around the office and have time for a go2meeting session let me know.


Hi Lee,

It was the 'DomainOne.ltd.uk' that gave it away!

Yep, you can combine Active Directory (Windows) and LDAP if you have different listeners. LDAP is good for environments with multiple forests and no trusts (and even if trusts are in place)

Good to hear you got it working!

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to woodrowl)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> FBA to SSL/Kerberos Site collection using ISA in Trusted Forest. Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts