Welcome to ISAserver.org
Protocol rules does not work when applied to domain users/groups
Protocol rules does not work when applied to domain use... - 7.Jan.2003 1:03:00 AM
firepot408
Posts: 19
Joined: 8.Dec.2002
Status: offline
Hi all, I have my internal host configured as both SecureNAT and FW Client (Default GW->Internal NIC IP address). When I add a protocol rule to restrict specific domain users from using FTP (or Telnet, etc.), I can't get any protocols to work at all (even though FTP was the only protocol that was restricted). When I change from "applies to" specific users -> all destination, everything works fine again. Please tell me why User Authentication doesn't work with protocol rule. Thanks, Firepot
RE: Protocol rules does not work when applied to domain... - 7.Jan.2003 4:43:00 AM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Firepot,
Create protocol rules that allow access, and assign permissions to those users/groups you want to use it. Don't include users/groups that you don't want to use it.
HTH, Tom
RE: Protocol rules does not work when applied to domain... - 7.Jan.2003 4:58:00 PM
firepot408
Posts: 19
Joined: 8.Dec.2002
Status: offline
Strangely, all protocols stop working when I apply the rules to specific users/groups instead of specifying all requests or client sets. Any idea? (I have the internal server configured as FW Client and SNAT at the same time). Is it possible that the SNAT client takes precedence over the FW client? Thanks, Firepot
RE: Protocol rules does not work when applied to domain... - 7.Jan.2003 7:02:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: online
Hi firepot,
What protocol rule seems to be stopping everyone from accessing the site? Enable all fields in your Web Proxy and Firewall logs and then check for what rules are blocking access.
HTH, Tom
RE: Protocol rules does not work when applied to domain... - 7.Jan.2003 9:45:00 PM
firepot408
Posts: 19
Joined: 8.Dec.2002
Status: offline
Any protocol rules that apply to specific users/groups instead of applying to any request would stop the protocols from working. Need help badly. Thanks, Firepot
RE: Protocol rules does not work when applied to domain... - 8.Jan.2003 3:36:00 AM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Firepot,
When you assign a user/group to a protocol rule, does it stop that one protocol rule from working, or does it stop all protocol rules from working?
Thanks! Tom
RE: Protocol rules does not work when applied to domain... - 8.Jan.2003 5:09:00 PM
firepot408
Posts: 19
Joined: 8.Dec.2002
Status: offline
It stops that one protocol from working.
RE: Protocol rules does not work when applied to domain... - 9.Jan.2003 7:50:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Firepot,
OK, it looks like a problem with authentication. Is the ISA Server a member of the domain that the users belong to?
Are the users logging into the domain?
Are the machines members of the domain?
Use netdiag to confirm domain connectivity.
HTH, Tom
RE: Protocol rules does not work when applied to domain... - 10.Jan.2003 5:53:00 PM
firepot408
Posts: 19
Joined: 8.Dec.2002
Status: offline
I think I know what the problem is. You are absolutely right. Even though my ISA server is a member of the internal domain, my terminal server (sitting on the outside of the ISA external network) can't join the domain. I will follow your instruction on how to publish services for intradomain communication to see if it will resolve the problem. One concern I have is whether the TS users (with the firewall client installed) will be authenticated given the protocol rules defined to do so. Please let me know if you can help. I have my TS default gateway pointing to the external interface of the ISA server and use internal DNS servers for name resolution for the TS. Would this cause any problem?
Thanks, Firepot
RE: Protocol rules does not work when applied to domain... - 11.Jan.2003 8:28:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Firepot,
There are a lot of adverse consequences of the intradomain communications setup I describe in that article. It was mostly a lab exercise. Check out this article:
==================
INFO: ISA Server Does Not Support Domain Members In Perimeter Network

The information in this article applies to:
Microsoft Internet Security and Acceleration Server 2000
Microsoft Internet Security and Acceleration Server 2000 SP1

This article was previously published under Q329807

SUMMARY
Microsoft Internet Security and Acceleration (ISA) Server 2000 does not support having domain members or domain controllers in the perimeter network that belongs to a domain on the internal network behind ISA.
Domain or inter-forest trust relationships between a domain or forest in a perimeter network and a domain or forest on the internal network behind ISA are also not supported.

MORE INFORMATION
This applies to both back-to-back and three-homed perimeter networks.

Last Reviewed: 10/26/2002
Keywords: kbinfo KB329807 kbAudDeveloper
====================
HTH, Tom