• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Pass through athentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> Pass through athentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Pass through athentication - 19.Jan.2006 7:11:10 PM   
Duncan01

 

Posts: 18
Joined: 25.Aug.2004
From: England
Status: offline
Pass through authentication



Hi all
A problem I have with my ISA server is this;
We have some users that have a database and it asks a web sight for updates there are about 20 or so users using this, the other 180 users don't need to access this site at all, I set up authentication for all users and the logging was spot on bringing up all usernames, except that is for the people that have to use this database, they now can't get to their web site, I called the company that supplied the software we are using, and they said that the fact that it goes out anonymously is hard coded into their program and cannot be changed.

At the moment no usernames are shown but the powers that be want this changed, for now I have taken off All users to authenticate from the properties sheet in the internal networks dialog box, if that makes sense

So my question is can I make a group and allow the users of this said software to go out anonymously whilst everyone else gets authenticated and their names back into the username logging field?

I hope someone can point me to a way to get this done

Thanks for your time

Regards
Duncan
Post #: 1
RE: Pass through athentication - 20.Jan.2006 3:58:09 AM   
carorieta

 

Posts: 102
Joined: 15.Dec.2005
Status: offline
Hi Duncan,

On our network we have 3 Tablets running Windows CE, CE's can not be joined to a Windows domain, they allow non-employess to access the Internet. We had the same problem, when we implemented integrated Windows authentication, the rest of the computers on the domain (computer members), were able to access the internet w/o the authentication prompt, however the 3 tablets were requiring authentication with the proxy when accessing IE.
I believe your problem is the proxy authetication as well.
The solution we implemented:
1. Create a computer set. We added the three tablet IP addresses to this computer set.
For example: 192.168.100.10 to 192.168.100.14, This is done from Firewall Policies\Toolbox\Computer sets
2. We created a rule for the Tablets computer set to allow internet access
3. We modify the rule, we disable http/https proxy for this rule
4. On the tablets we modified the IE settings, From Internet Options\Connections\LAN settings, we enabled: Automatic Detect settings and unchecked the box that specifies the proxy server.

As a result they have internet acceess w/o being authenticated by the proxy

One more thing, this rule should be on top of the general allow Internet Access from Internal to External
If your users are assigned one computer, you can create a computer sets for this specific group.

Of course you won't see the domain_name /user_name from the Monitoring Tabs for these connections because they are bypassing the proxy

I hope that helps you


_____________________________

carorieta

(in reply to Duncan01)
Post #: 2
RE: Pass through athentication - 20.Jan.2006 2:45:39 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Huh?
For 20 users, fix their IP, bypass the http filter and allow anonymous for everything?  I think not.

Create an anonymous rule to just that one site and set that site as *direct*.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to carorieta)
Post #: 3
RE: Pass through athentication - 23.Jan.2006 4:35:11 AM   
carorieta

 

Posts: 102
Joined: 15.Dec.2005
Status: offline
LL...

Huh?

When you made the comment down below I did not respond to the forum with a "Huh?".

My knowledge on ISA 2000 sucks, but ISTR that binding multiple IPs to the external NIC is only available on ISA 2K4. < Message edited by LLigetfa -- 14.Jan.2006 3:52:26 PM >

I really believe we are here to interchange knowledge, help and learn from others.
Trying to help, I did post a procedure, may be is no the best approach, but it was a procedure for a solution.
It is so easy to post one sentence, If you are really trying to help you should go deeper than that.
I am not trying to make a confrontation, but I believe I need to make that remark

Cordially

Carorieta






_____________________________

carorieta

(in reply to LLigetfa)
Post #: 4
RE: Pass through athentication - 23.Jan.2006 4:56:22 AM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

I am not trying to make a confrontation

I don't know... kind of a strong reaction to "Huh?".

I confessed my lack of knowledge of ISA 2000 so I don't know why you insist on rubbing my nose in it.  Why?  Because I dared disagree with your advice?  If you disagree with my advice, state your objections, don't dredge up irrelevent quotes.

You seem to like writing long dissertations and to each his own.  I think I conveyed the necessary information on one sentence.  Are we to have a contest of word counts?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to carorieta)
Post #: 5
RE: Pass through athentication - 8.Feb.2006 12:50:42 PM   
Duncan01

 

Posts: 18
Joined: 25.Aug.2004
From: England
Status: offline
Sorry I haven't replyed back sooner, but thanks for all the help you have all given me I will try this out today

Regards
Duncan

(in reply to LLigetfa)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> Pass through athentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts