Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Proxy-Auth at ISA without Domain integration

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Proxy-Auth at ISA without Domain integration Page: [1]
Login
Message << Older Topic   Newer Topic >>
Proxy-Auth at ISA without Domain integration - 27.Nov.2006 10:36:22 AM   
jmeisel

 

Posts: 1
Joined: 27.Nov.2006
Status: offline 		Hello,

since this is my first post in this forum, I first want to say "hi" and thank you guys that started and filled this site and this forum with that much info, that already helped me a lot.

I am a system engineer and I already installed several ISA 2004 Servers and now I got faced with a problem that I never thought about until now.
One of our customers has a ISA 2006 that is NOT a Domain Member. Nevertheless, the ISA Server Webproxy should be configured to check user credentials, so that only explicit Windows Groups are allowed surf several sites in the www.
e.g.
The Group "Administrators" are allowed to surf everything (URL-Set http://*)
The Group "Secretaries" are allowd to surf several named sites (URL-Set ....)
The others are allowed to go to all the other sites between 12 and 1 o clock.

My Problem is NOT the configuration of the access rules or the URL-sets, but the way to authenticate the users / groups. As far as I know the ISA 2006 supports LDAP, but not to authenticate webproxy-clients. That only works with standard-authentication, integrated authentication or using a radius server.
In my eyes radius would not solve my problem. But you can sure try to change my opinion...
Isn't there a way to authenticate against the ADS without the ISA beeing Domain Member?
Or: how would you solve this?

Thanks in advance!
Post #: 1
RE: Proxy-Auth at ISA without Domain integration - 29.Nov.2006 10:26:49 AM   
elmajdal

 

Posts: 5060
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

how would you solve this?

By convincing my client that joining ISA to the domain is much more secure & lot more benefits , check  this article: http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html



_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to jmeisel)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Proxy-Auth at ISA without Domain integration Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts