a little bit complex question about RADIUS and groups
- From: "Ralf Huelsmann" <DE-NRW-DUI-IT2S@xxxxxxxxxxxxxxxxx>
- Date: Wed, 1 Nov 2006 22:39:10 +0100
Hi,
I need a few thoughts from another point of view.
For sure, experience or a complete solution are also welcome.
We now have several different opinions, even from Microsoft itself.
For some reason (token) we need to use RADIUS to authenticate VPN users.
ISA 2004 SP2 in AD 2003
Computers are partly not domain members and they are geographically dispersed,
so the fireclient wouldn't be a preferred solution.
Up to here, everything is fine.
Now we need to give different users different rights, preferably based on
groups.
Opinions up to now:
a) great, runs
b) fine, should be running - but there's no way to give the
token (RADIUS) users different rules in ISA - we need to (however) add users
who connect without token, so that we can use AD groups for them
c) works but..., needs one IAS (aka RRAS) per AD group (aka RADIUS rule) -
so that, based on different IPs and port forwarding, different RRAS services
are used
d) maybe working, if you get an authentication somehow, maybe via a
web publishing (?!??)
e) doesn't work
f) doesn't work
Basis for all thoughts:
http://www.microsoft.com/technet/isa/2004/plan/isaradiusremote.mspx
http://www.microsoft.com/technet/isa/2004/plan/owa_radius.mspx#_Appendix_B:_Best
http://technet2.microsoft.com/WindowsServer/en/library/fc353fbb-4df4-4b36-b14a-20cbbad434941033.mspx?mfr=true
http://www.microsoft.com/technet/isa/2004/help/FW_VPNRadius.mspx?mfr=true
Short version:
VPN users are RADIUS authenticated;
in addition, ISA rules (packet filter) are needed, based on user or (better)
group-based rules
cheers,
Ralf