Re: ISA (2006) + LDAP Authentication



Thanks again Phillip,

There are advantages to using ADAM (or another auth mechanism):

- External users do not need to participate in AD
- A single account can be created and used for access to multiple apps
(rather than creating accounts on each target server)

What I had hoped was that LDAP groups could be used to determine access
rather than using groups within the Firewall Rule on ISA. It doesn't look
like groups are supported though, so I will have to think of another approach.
Thanks for your time and responses.

regards,
Remy

don't know if I was unclear about this but all access will be from the
internet whether the user is part of AD or not so the auth point will always
be ISA in the first instance. I would have liked accounts to be stored in
ADAM instance(s) located internally for a couple of reasons:

- The ADAM directory could be replicated
- Account management could be completed internally without requiring
access to ISA

That is no different than using AD

It would

"Phillip Windell" wrote:

"Remy" <Remy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E8F0AEAC-1A2C-41C0-A206-F6418B9A1556@xxxxxxxxxxxxxxxx
don't know if I was unclear about this but all access will be from the
internet whether the user is part of AD or not so the auth point will always
be ISA in the first instance. I would have liked accounts to be stored in
ADAM instance(s) located internally for a couple of reasons:

- The ADAM directory could be replicated
- Account management could be completed internally without requiring
access to ISA

That is no different than using AD

From what you are saying this isn't possible.

I didn't say that. I have never used ADAM. It is only part of the
enterprise version of ISA and I never mess with "enterprise" solutions,..I
only do "standard". So I don't know what you can do or not do with
ADAM,...I just don't think there is any need for it since AD will work
perfectly fine.

If local users/groups were created on ISA what would be the best approach to
allow our non technical staff to maintain the users/groups? (allow LDAP
access from internal machines and provide a form of LDAP maintenance tool?)

The local accounts I mentioned would be on the target Server, not the ISA.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


