• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

auto logon for internal users?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> auto logon for internal users? Page: [1]
Login
Message << Older Topic   Newer Topic >>
auto logon for internal users? - 14.Aug.2006 4:44:51 PM   
bobbba

 

Posts: 11
Joined: 4.Aug.2006
Status: offline
I have a SSL secured web site behind ISA 2004 using RADIUS/IAS for authentication. the site is accessed by 80% external users and 20% internal. I have been trying to get the internal users to be able to authenticate automatically without success.

Anyone have any ideas? (I have tried adding the site to both the trusted and intranet site but this has not worked)

Any help would be greatly appreciated.

< Message edited by bobbba -- 14.Aug.2006 5:08:49 PM >
Post #: 1
RE: auto logon for internal users? - 15.Aug.2006 2:47:29 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,

Make sure the clients are using the autoconfiguration script and the internal site is configured for Direct Access.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to bobbba)
Post #: 2
RE: auto logon for internal users? - 15.Aug.2006 3:39:44 PM   
bobbba

 

Posts: 11
Joined: 4.Aug.2006
Status: offline
I take it the auto config script is for the ISA clients? My clients are not using ISA as web proxy, they access a 3rd party proxy (provided on our LAN by our ISP) that directs them to our Cisco firewall that directs them to our ISA servers.

The setup works if I direct IE directly to the IIS site. It's just when they go through ISA(and IAS/RADIUS) that internet explorer does not seem to pass the credentials (even when the site is added to IE's trusted or intranet sites)

The only thing I can think of is that ISA in combination with IAS requires that the user enters credentials regardless of what is configured in IE. This would seem to only leave me with trying to devise a solution where internal users don't go through ISA or they have an alternate rule/listener with lower authentication level.

Many thanks

Rob

(in reply to tshinder)
Post #: 3
RE: auto logon for internal users? - 12.Sep.2006 4:07:24 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rob,

From a security point of view, that's a pretty nasty setup you have going there.

You'll NEVER get transparent auth with RADIUS. You need to a way to force Direct Access.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to bobbba)
Post #: 4
RE: auto logon for internal users? - 27.Sep.2006 5:22:09 PM   
bobbba

 

Posts: 11
Joined: 4.Aug.2006
Status: offline
Hi Tom,

Thanks for the reply.

Just curious why you think that from the security pov, it's a nasty setup? Any advice would be appreciated as I'm finding it difficult to implement seamless access for internal users and secure access for external users at the same time. Any best practice ideas?

Thanks for the confirm on radius, I'm planning on directing internal users via internal dns to a separate IP and isa rule without isa auth to allow transparent auth.

Many thanks

Rob

(in reply to tshinder)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> auto logon for internal users? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts