• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Only Administrator account authenticates - not domain users?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Web Proxy] >> Unihomed >> Only Administrator account authenticates - not domain users? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Only Administrator account authenticates - not domain u... - 3.Aug.2007 3:19:09 AM   
rapido

 

Posts: 9
Joined: 3.Aug.2007
Status: offline


Hi


I’m new to ISA.

Only the  (domain) administrator  account works when ‘Require All users to authenticate’ is checked for internal interface (when unchecked all works).

Setup:

1. ISA 2006 is a member of the domain (and the domain is selected)
2. Single NIC proxy only

Observations:

1. My username is a member of Administrators group yet doesn’t work
2. Log shows ‘Administrator’ when administrator credentials used and ‘anonymous’ when my credential are used.
3. Log show RPC failure to local DC when IE first starts on a client.

Any Ideas?

Thanz

AJ


AJ
Post #: 1
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 6:32:58 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

quote:

  Only the  (domain) administrator  account works when ‘Require All users to authenticate’ is checked for internal interface (when unchecked all works).


Never use this option : Require All users to authenticate , as it gives problems more
than it solves.

If you require all users to authenticate, then enforce this thru ur rules, and this is done by authenticating outbound rules with users from ur AD.

HTH,
Tarek


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to rapido)
Post #: 2
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 6:38:20 AM   
rapido

 

Posts: 9
Joined: 3.Aug.2007
Status: offline
Hi

Thanks for the reply. I’ll give it a go.

Also – what constitutes an ‘authenticated user’; Eg an authenticated member of the domain?, or a member of a security group? or both?

AJ

(in reply to rapido)
Post #: 3
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 7:40:15 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Users and/or groups

do u have an Active Directory ?? if you do, then authenticate users from AD .
instead of using all authenticated users, start using users and/or groups from AD.

by the way, why r u using a single nic ISA ?? u r not benefiting from more than 80 % of the features that ISA can provide u with when u do use it with atleast 2 NICs ?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to rapido)
Post #: 4
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 8:16:29 AM   
rapido

 

Posts: 9
Joined: 3.Aug.2007
Status: offline
Hi
 
Yes I have AD and there is a Domain Controller on the same segment/subnet.
 
This is where I’m getting confused; I not sure what is meant by ‘Authenticated Users’ in ISA speak (Eg as seen under Toolbox Tab – Users “All Authenticated Users”)??
 
Also - when I try to add AD security group “Internet Users’ in the Users tab of a Firewall Policy rule – an error occurs ‘The RPC server is unavailable ( I think ISA is blocking RPC to AD)??
 
I think I’m have the identical problem as discussed here
 
http://www.eggheadcafe.com/software/aspnet/30389154/isa-2006-and-rpc-problem.aspx
 
* * *
 
 
The ISA is behind a firewall and I’m only going to be using it for Web proxy and Layer 7 filtering hence the 1 NIC.
 
I’ll have to try your suggestions when back at work Monday.
 
AJ

(in reply to rapido)
Post #: 5
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 8:22:22 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

Also - when I try to add AD security group “Internet Users’ in the Users tab of a Firewall Policy rule – an error occurs ‘The RPC server is unavailable ( I think ISA is blocking RPC to AD)??

what SP u have on your ISA Server ??


This RPC problem was solved with SP1 of ISA 2004

do u have SP3 on your ISA Server 2004 ?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to rapido)
Post #: 6
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 8:34:28 AM   
rapido

 

Posts: 9
Joined: 3.Aug.2007
Status: offline
Sorry, I should have stated that this is ISA 2006 - 'fresh install'.

I think the eggheadcafe link is a good lead to follow Monday - I'll need to re-read,

AJ

(in reply to rapido)
Post #: 7
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 1:58:27 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Try it and report back, will be waiting you reply.

Thanks,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to rapido)
Post #: 8
RE: Only Administrator account authenticates - not doma... - 5.Aug.2007 7:54:00 PM   
rapido

 

Posts: 9
Joined: 3.Aug.2007
Status: offline
yes, registry changes suggested in the eggheadcafe.com post solved the problem!

Thank you for your help.

AJ

(in reply to rapido)
Post #: 9
RE: Only Administrator account authenticates - not doma... - 6.Aug.2007 4:42:37 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi Rapido,

i've noted this, Thanks for the follow up.

Tarek.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to rapido)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Web Proxy] >> Unihomed >> Only Administrator account authenticates - not domain users? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts