Re: Active directory authentication

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 06/21/04 

Date: Sun, 20 Jun 2004 17:00:01 -0700

Don't use public addresses.

If you're using a class C address space (192.168.x.y), you
should be able to supernet your existing subnet to add
addresses... so unless you're supporting more than approx.
65,000 devices you shouldn't have a problem...

Tony Su

>-----Original Message-----
>Hmmm... pretty complicated :)
>This look more like a design problem. I have never
heard "I don't have
>enough private IP addresses an I must use public
addresses". You should
>install and configure just a simple router. there is no
need of ISA Server.
>
>Andrei Ungureanu
>www.eventid.net
>
>
>"Dean" <Dean@discussions.microsoft.com> wrote in message
>news:7F372BDC-9096-4CC6-8B42-702AA6B381DC@microsoft.com...
>> I'm sure this is a simple problem, but I can't find the
solution. I'm
>trying to complete a client logon to an Active Directory
domain, and be able
>to join machines to the domain from behind ISA Server. I
can get everything
>to work thru the ISA server (web browsing, remote
desktop, FTP, etc) except
>whenever I try to add the machine to the domain, or log
into the domain from
>a machine allready joined, I get the "domain unavailable"
error. I don't
>have enough private IP addresses to accomodate all the
machine I take care
>of, so I must find a way to get these machines to
authenticate to the domain
>from a public IP range.
>>
>> Can I authenticate thru ISA Server? What type of
authentication type
>should I use? Should I enable the firewall and use the
client, or setup
>SNAT? I would like to make this invisable to the
machines, so I can join
>machines to the domain, and log into the domain for
client authentication
>like it has one of the private addresses, and all domain
admin functions
>work the same in both address ranges.
>>
>> not asking for much,
>> Dean
>
>
>.
>

Relevant Pages

  • The answer finally!! Although not pretty.
    ... authenticate. ... "After discussing the NoLMHash issue with the developer of the DSClient; ... The DSClient does not change the way the 9x client ... Upgrade to Windows 2K and higher all the machines that you can. ...
    (microsoft.public.windows.server.networking)
  • Re: Controlling Internet access by users/groups
    ... iptables -N HTTP_MSN ... In order to work this way, ISA Server provides a client that is installed ... Those which can are not able to authenticate against ISA Server. ...
    (Fedora)
  • Controlling Internet access by users/groups
    ... We use MS ISA server to restrict Internet access, ... In order to work this way, ISA Server provides a client that is installed at ... Those which can are not able to authenticate against ISA Server. ...
    (Fedora)
  • Re: Problem w/ Integrated Auth -- Receiving User/Pass dialog box against IIS6
    ... Another thing to note is that I see the client attempting to authenticate to ... verify that the site is in the Intranet zone (by eyeballing the icon ... >> machines). ...
    (microsoft.public.inetserver.iis.security)
  • RE: IP filtering using DNS lookup
    ... you can authenticate machines by other ways besides IP addresses... ... Is there a way (using ISA server or an external firewall) to ... > change the permitted IP addresses using a DNS lookup from a dynamic DNS ...
    (microsoft.public.windows.server.sbs)