Domain Authentication

Domain Authentication - 13.Jul.2011 11:52:32 AM   
noddles

 

Posts: 47
Joined: 21.Apr.2008
Status: offline
Hello Guys,
Please, I am having a serious problem.

I want to lock down my network and enable only domain users access to any network resource (any of my Servers and Internet).

On my network, I am running ISA Server 2006 (SP1) and Server 2003 Std. I have a domain XXX.com which my users log into. I joined the ISA Server to XXX domain (to enable the machine to pull user accounts).

Please can anyone help me with the correct steps to enable only XXXX Domain users to access the network. I know I have to change the users tab from all users to a specified user, but I can't see where ISA allows OUs. Even if I add a group, and maybe later I add a new person to the domain, I have to go to the ISA and re-add that user before he / she can access the network.

I think I am doing something wrong.
Post #: 1
RE: Domain Authentication - 13.Jul.2011 4:30:40 PM   
renatomarson

 

Posts: 17
Joined: 12.Jul.2011
Status: offline
Hi Noddles,

On ISA Server, go to Firewall Policy. On the right panel, you'll find the Toolbox tab.

On the Toolbox, go to Users -> New and create a new group name. On the next step, you'll be able to choose which AD group you want to add to this group that you created.

So, when you add a new user to that group in AD, this user will be automatically added to this group that you created.

In the access rules, replace All Users with the group you created.

[]'s

Renato Marson Pagan

(in reply to noddles)
Post #: 2
RE: Domain Authentication - 15.Jul.2011 2:20:20 PM   
noddles

 

Posts: 47
Joined: 21.Apr.2008
Status: offline
Hi renatomarson,
I am very grateful for your assistance, it worked. I actually thought that the ISA would lift the OUs I created on the Domain controller, but I used your advice and it's working.

I created a security group and added everyone in my domain to that group; now on the ISA I changed the all users to the group I created on the Domain controller. Now, for any request that comes through the ISA, it looks at the group members on the DC and either allows or denies access. But it also means that anytime I create a user on the DC, I must add the user to that security group. A little bit tasking but manageable.

Or, does anyone have any other ideas?

Thanks.

(in reply to renatomarson)
Post #: 3
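An added example, not part of the original thread or written by its posters: with the dedicated-group approach from posts 2 and 3, access depends on group membership keeping up with the domain, so a periodic check can list enabled accounts missing from the group and disabled accounts still in it. The function name, the group name `ISA-Access`, the account names and the sample data are all hypothetical.

```powershell
# Added example. Account names and sample data are constructed.
function Compare-AccessGroup {
    param(
        [object[]]$DomainUsers,   # objects with SamAccountName and Enabled
        [string[]]$GroupMembers   # SamAccountName of every member, nested groups expanded
    )
    # Case-insensitive lookup of who is in the access group.
    $inGroup = @{}
    foreach ($m in $GroupMembers) { $inGroup[$m.ToLower()] = $true }

    foreach ($u in $DomainUsers) {
        $isMember = $inGroup.ContainsKey($u.SamAccountName.ToLower())
        if ($u.Enabled -and (-not $isMember)) {
            $finding = 'MissingFromGroup'      # new user nobody has added yet
        } elseif ((-not $u.Enabled) -and $isMember) {
            $finding = 'DisabledButInGroup'    # stale entry to clean up
        } else {
            continue                           # membership matches account state
        }
        New-Object PSObject -Property @{
            SamAccountName = $u.SamAccountName
            Finding        = $finding
        }
    }
}

# Constructed sample input so the script runs without a domain.
$users = @(
    New-Object PSObject -Property @{ SamAccountName = 'alice'; Enabled = $true }
    New-Object PSObject -Property @{ SamAccountName = 'bob';   Enabled = $true }
    New-Object PSObject -Property @{ SamAccountName = 'carol'; Enabled = $false }
    New-Object PSObject -Property @{ SamAccountName = 'dave';  Enabled = $false }
)
$members = @('Alice', 'carol')

# On a live domain with the ActiveDirectory module, the inputs could instead be
# (the group name 'ISA-Access' is hypothetical):
#   $users   = Get-ADUser -Filter *
#   $members = Get-ADGroupMember -Identity 'ISA-Access' -Recursive |
#              Where-Object { $_.objectClass -eq 'user' } |
#              ForEach-Object { $_.SamAccountName }

Compare-AccessGroup -DomainUsers $users -GroupMembers $members |
    Sort-Object SamAccountName |
    Format-Table SamAccountName, Finding -AutoSize
```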
RE: Domain Authentication - 15.Jul.2011 2:45:04 PM   
renatomarson

 

Posts: 17
Joined: 12.Jul.2011
Status: offline
Hi Noddles.

On ISA and TMG there is a built-in group called All Authenticated Users.

If you choose this group instead of All Users, the TMG will request authentication from all users and you don't need to add the users to any group.

:)

(in reply to noddles)
Post #: 4
RE: Domain Authentication - 15.Jul.2011 3:05:03 PM   
noddles

 

Posts: 47
Joined: 21.Apr.2008
Status: offline
Hi renatomarson,
Is there anywhere on the ISA I can specify where the authentication should come from?

(in reply to renatomarson)
Post #: 5
RE: Domain Authentication - 15.Jul.2011 3:26:53 PM   
renatomarson

 

Posts: 17
Joined: 12.Jul.2011
Status: offline
Noddles,

If your ISA is a domain member, you can use Domain Users.

Or you can configure RADIUS or LDAP servers.

On the left panel go to General -> Specify RADIUS and LDAP Servers.

After you configure RADIUS or LDAP, you can use these servers to authenticate users.

(in reply to noddles)
Post #: 6
RE: Domain Authentication - 17.Jul.2011 4:15:56 PM   
noddles

 

Posts: 47
Joined: 21.Apr.2008
Status: offline
Hi renatomarson and everyone,
I am still having problems with my ISA Server. Now on my HQ ISA, the security group I created works very well. All I have to do is add users to the security group on my DC and immediately they can access my network (I changed the all users to the security group I created on my DC).
Now, on one of my branch offices, I created the same group on the DC over there and added users to that security group. Now when I try to access the DC from the ISA (or rather create the security group on the users tab), I get the following error: "Windows cannot resolve xxx@xxx.com, either the domain cannot be contacted or not reachable".
Please can anyone help resolve this?

(in reply to renatomarson)
Post #: 7
