Authenticate on other ISA servers? (Full Version)

All Forums >> [ISA Server 2004 General ] >> General



Message


davehocking -> Authenticate on other ISA servers? (1.Jun.2006 4:23:02 PM)

Hi all, below is a rough network diagram...

Essentially I want users of the Terminal Server to be authenticated by the Office ISA server.

[image]http://www.david.hocking.zen.co.uk/isaserver/network.jpg[/image]

..So if a user of the TS box views the Sharepoint site, I would like that to be included in the logs on the Office ISA server, with the users details. How do I get the Terminal Server to 'pass' authentication to the 'other' ISA server?

Ideas please!

Cheers

Dave




tshinder -> RE: Authenticate on other ISA servers? (3.Jun.2006 6:30:09 PM)

Hi Dave,

Are these trihomed ISA firewalls?

thanks!
Tom




davehocking -> RE: Authenticate on other ISA servers? (7.Jun.2006 4:31:46 PM)

Hi Tom, they're much more than tri-homed, the DMZ ISA server has 5 and the Office ISA has 6 active interfaces..

Any advice greatly appreciated! :)




tshinder -> RE: Authenticate on other ISA servers? (9.Jun.2006 2:54:47 AM)

Hi Dave,

Right now the best option is to create a route relationship between the source and destination ISA firewall Networks and then use the Firewall client.

HTH,
Tom




davehocking -> RE: Authenticate on other ISA servers? (9.Jun.2006 12:04:53 PM)

Will I need to open any ports to allow the firewall client to connect? - This is where it all went wrong for me when I tried it, I couldn't find a definitive list of what ports would need opening.

Thanks for the advice, appreciated :)




tshinder -> RE: Authenticate on other ISA servers? (9.Jun.2006 6:33:54 PM)

Hi Dave,

You'll need need the authentication ports open that are typically used for intradomain communcations. Try LDAP/LDAPS and RPC (all interfaces) from the Firewall clients to the DCs on the other Network.

HTH,
Tom




Page: [1]