Welcome to ISAserver.org
Only Administrator account authenticates - not domain users?
Only Administrator account authenticates - not domain u... - 3.Aug.2007 3:19:09 AM
rapido
Posts: 9
Joined: 3.Aug.2007
Status: offline

Hi,

I’m new to ISA. Only the (domain) administrator account works when ‘Require All users to authenticate’ is checked for the internal interface (when unchecked, all works).

Setup:
1. ISA 2006 is a member of the domain (and the domain is selected)
2. Single NIC proxy only

Observations:
1. My username is a member of the Administrators group yet doesn’t work
2. Log shows ‘Administrator’ when administrator credentials are used and ‘anonymous’ when my credentials are used.
3. Log shows RPC failure to local DC when IE first starts on a client.

Any ideas?

Thanks,
AJ

RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 6:32:58 AM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Hi,

quote:
Only the (domain) administrator account works when ‘Require All users to authenticate’ is checked for internal interface (when unchecked all works).

Never use this option, Require All users to authenticate, as it gives more problems than it solves. If you require all users to authenticate, then enforce this through your rules; this is done by authenticating outbound rules with users from your AD.

HTH,
Tarek
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 6:38:20 AM
rapido
Posts: 9
Joined: 3.Aug.2007
Status: offline

Hi,

Thanks for the reply. I’ll give it a go.

Also, what constitutes an ‘authenticated user’, e.g. an authenticated member of the domain, or a member of a security group, or both?

AJ

RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 7:40:15 AM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Users and/or groups. Do you have an Active Directory? If you do, then authenticate users from AD. Instead of using all authenticated users, start using users and/or groups from AD.

By the way, why are you using a single NIC ISA? You are not benefiting from more than 80% of the features that ISA can provide you with when you use it with at least 2 NICs.
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 8:16:29 AM
rapido
Posts: 9
Joined: 3.Aug.2007
Status: offline

Hi,

Yes, I have AD and there is a Domain Controller on the same segment/subnet.

This is where I’m getting confused; I’m not sure what is meant by ‘Authenticated Users’ in ISA speak (e.g. as seen under Toolbox tab – Users, “All Authenticated Users”)?

Also, when I try to add the AD security group “Internet Users” in the Users tab of a Firewall Policy rule, an error occurs: ‘The RPC server is unavailable’ (I think ISA is blocking RPC to AD)? I think I’m having the identical problem as discussed here: http://www.eggheadcafe.com/software/aspnet/30389154/isa-2006-and-rpc-problem.aspx

* * *

The ISA is behind a firewall and I’m only going to be using it for Web proxy and Layer 7 filtering, hence the 1 NIC. I’ll have to try your suggestions when back at work Monday.

AJ

RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 8:22:22 AM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

quote:
Also - when I try to add AD security group “Internet Users’ in the Users tab of a Firewall Policy rule – an error occurs ‘The RPC server is unavailable ( I think ISA is blocking RPC to AD)??

What SP do you have on your ISA Server? This RPC problem was solved with SP1 of ISA 2004. Do you have SP3 on your ISA Server 2004?
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 8:34:28 AM
rapido
Posts: 9
Joined: 3.Aug.2007
Status: offline
Sorry, I should have stated that this is ISA 2006 - 'fresh install'. I think the eggheadcafe link is a good lead to follow Monday - I'll need to re-read, AJ
RE: Only Administrator account authenticates - not doma... - 3.Aug.2007 1:58:27 PM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Try it and report back; will be waiting for your reply.

Thanks,
Tarek
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Only Administrator account authenticates - not doma... - 5.Aug.2007 7:54:00 PM
rapido
Posts: 9
Joined: 3.Aug.2007
Status: offline

Yes, registry changes suggested in the eggheadcafe.com post solved the problem! Thank you for your help.

AJ

RE: Only Administrator account authenticates - not doma... - 6.Aug.2007 4:42:37 AM
elmajdal
Posts: 5074
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

Hi Rapido,

I've noted this. Thanks for the follow-up.

Tarek.
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8