Re: AD Auth for standalone ISA in DMZ
- From: doug.masters@xxxxxxxxx
- Date: Wed, 27 Jun 2007 07:52:18 -0700
On Jun 25, 5:19 pm, doug.mast...@xxxxxxxxx wrote:
Standalone ISA 2006, single nic, in a DMZ. I need to configure ISA
to poll AD to see if a user is allowed access to the internet or
not. The network boys tell me that they have port 389 open between
my ISA server and my DC's.
The information I'm finding is about using LDAP to authenticate
incoming traffic, and I want to authenticate outbound traffic.
OK, I didn't provide much info, so let me add more about what's been
done and what's been tested.
1. The Network boys finally got 389 open, previously I could not
telnet on port 389 to the DC's and now I can.
2. System Policy #1 (Authentication Services) has been enabled. I
created a Computer Set for the DC's and applied them to the
destination of the System Policy.
3. Under Specify RADIUS and LDAP Servers, I created an LDAP Server
Set with the two DC's, the FQDN is entered, the Use Global Catalog box
is checked, and a valid username & password are entered. The
login Expression to <domain>\* and LDAP Server Set is set.
4. When I try to create a new User Set, I choose the LDAP Server Set
I created and enter the group name of the AD Group that is allowed
internet access. After clicking OK I get a username/password prompt,
after entering that I get the error "None of the configured LDAP
servers are available for verifying the user."
What, if anything, am I missing?
.
- Follow-Ups:
- Re: AD Auth for standalone ISA in DMZ
- From: Jim Harrison \(ISA SE\)
- Re: AD Auth for standalone ISA in DMZ
- References:
- AD Auth for standalone ISA in DMZ
- From: doug . masters
- AD Auth for standalone ISA in DMZ
- Prev by Date: RE: ISA 2006 - RPC errors since installation
- Next by Date: Active directory
- Previous by thread: AD Auth for standalone ISA in DMZ
- Next by thread: Re: AD Auth for standalone ISA in DMZ
- Index(es):
Relevant Pages
|
