• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA Server 2006 Authentication Settings

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA Server 2006 Authentication Settings Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA Server 2006 Authentication Settings - 15.Apr.2011 11:31:10 AM   
kiheiman

 

Posts: 11
Joined: 20.Jan.2003
From: Chandler, AZ
Status: offline
We have been running ISA Server 2000 since 2003 and we are trying to upgrade to ISA Server 2006 std. We tried the migration several times (2000 to 2004 to 2006), but ended up with corruption problems on the Firewall rules. We did a clean install of 2006 and manually configured all of the firewall rules. The access piece to outside Web sites seems to be working OK. I am not sure how I should set up the authentication for domain users. Users are assigned domain accounts and passwords, but we do not join their PCs to the domain. On 2000, a user gets a pop up login box to their first Web site access and they enter their account name and password. They do not need to enter login creditials again for accesses to other Web sites. The ISA server is set up with two network interfaces and we are using NAT for accesses to non-Web sites.

I would like to duplicate the operation of 2006 the same as 2000, but the authentication settings are different. Does anyone have any recommendations on where/what the authentication settings should be? On 2000, for the Web listener, we have both the Basic and Integrated boxes checked. All user PCs are set up to point to the ISA Web Proxy server on port 8080. I want to set up the authentication such that any new PC attached to the network will not be able to get Web access without entering a valid account and password.
Post #: 1
RE: ISA Server 2006 Authentication Settings - 15.Apr.2011 10:53:44 PM   
stevenrix

 

Posts: 101
Joined: 16.Feb.2011
Status: offline
ISA firewall configured as a forward proxy webserver with integrated authentication?

It depends on the configuration of your infrastructure, and be sure to look again at your diagram within your organization. Quite frankly i am not sure, there are many possibilities (LDAP or Radius).
This document should enlighten you: ISA 2006 authentication
http://technet.microsoft.com/en-us/library/bb794722.aspx
"When ISA Server is configured to require authentication, because a publishing rule applies to a specific user set or All Authenticated Users, or a Web listener is configured to Require all users to authenticate, ISA Server validates the credentials before forwarding the request."
Then read this one:
"Customizing HTML Forms in ISA Server 2006"
http://technet.microsoft.com/en-us/library/bb794733.aspx


Both of these docs should hopefully help you to do what you need to do without restructuring your organization.

And for a configuration, may I suggest this link, if this is of any help:

http://tmgblog.richardhicks.com/2009/08/10/configuring-microsoft-isa-server-2006-web-proxy-to-prompt-authenticated-users/

(in reply to kiheiman)
Post #: 2
RE: ISA Server 2006 Authentication Settings - 16.Apr.2011 7:14:59 AM   
kiheiman

 

Posts: 11
Joined: 20.Jan.2003
From: Chandler, AZ
Status: offline
Thanks for the info. I will take a look at all 3 articles that you referenced. I don't think we would need LDAP or Radius for authentication since we are not using those methods with our current ISA Server 2000. I am assuming that I need to make all authentication changes under:
configuration/networks/internal/Web Proxy/Authentication

Under Firewall Policy/Network Objects, I see a Web Listener tab, but I assuime that is for configuring the Web listener for incoming requests from the Internet.

It seems that my options center around the options for Basic, Integrated, or both and the user type of "all users" or "authenticated users" under the Firewall Policy for HTTP access.

Am I missing anything else that I should be looking at?

Regards,
Clint

(in reply to stevenrix)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> ISA Server 2006 Authentication Settings Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts