• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Radius integration on isa 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Radius integration on isa 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Radius integration on isa 2004 - 24.Feb.2004 5:12:00 PM   
turbomcp

 

Posts: 36
Joined: 13.Nov.2002
Status: offline
hi
i have a question regarding isa 2004 and its radius integration,here it goes:

lets say i have isa 2004 box not part of the domain and i am publishing exchange 2003 with forms based authentication,this thing works and is pretty easy to configure.
now i want to elevate beyond this and make the isa ask for authentication using radius in the internal network(windows 2003 dc) even before i get to the published site.
is this possible(all i get is multiple prompts)
on the radius option i configured everything and on the isa i created a radiususers group containing the option all users in the namespace.

does this thing supose to work?
can i use radius for authentication rules when the isa is not part of the domain(in the dmz somewhere)??
Post #: 1
RE: Radius integration on isa 2004 - 25.Feb.2004 12:07:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Turbo,

FBA and RADIUS don't work together because the credentials from the form are sent to the OWA site, not auth'd by the ISA machine.

HTH,
Tom

(in reply to turbomcp)
Post #: 2
RE: Radius integration on isa 2004 - 25.Feb.2004 9:02:00 AM   
turbomcp

 

Posts: 36
Joined: 13.Nov.2002
Status: offline
no:)
i know this toms
this was just an example
i wanted the user to be authenticated before he "sess" the owa logon page.
it could be just some site published without authentication at all,which i want the isa to authenticate users before they reach that site but i want him to take the user datbase from radius and not local users(since he is not in the domain)

(in reply to turbomcp)
Post #: 3
RE: Radius integration on isa 2004 - 25.Feb.2004 12:05:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Turbo,

OK, I think I understand what you want to do. Yes, you can auth the user at the firewall using RADIUS before the user is allowed access to the site. But I don't think you can use RADIUS and FBA for the same rule. I haven't checked it yet, so if you test it, let us know what you find out!

Thanks!
Tom

(in reply to turbomcp)
Post #: 4
RE: Radius integration on isa 2004 - 25.Feb.2004 1:52:00 PM   
turbomcp

 

Posts: 36
Joined: 13.Nov.2002
Status: offline
yes exactly:)
thats what i ment
i am thinking this
if a user from the internet tries to connect i dont even want him to see the owa page cause then he will know its hosting exchange
i want an prelimitery check of identitiy before he "sees" the page(nevermind if its something else then owa)

i will try it again and let you know

(in reply to turbomcp)
Post #: 5
RE: Radius integration on isa 2004 - 26.Feb.2004 12:36:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Turbo,

I think what I would do it create a page that includes a redirect to the OWA site. Require them to log onto that page and when they log on, then they are presented with the form.

HTH,
Tom

(in reply to turbomcp)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Radius integration on isa 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts