Re: AD Authentication in a DMZ (up) ?

Hi
- You'll need to open the necessary ports between DMZ and internal to allow
authentication.



--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Pascal" <pascal_t@xxxxxxxxxxxxxxxxxx> wrote in message
news:mn.5ac07d7ae674d1fa.70874@xxxxxxxxxxxxxxxxxxxxx
Hi,

anybody has ideas or documentations about this classical question please ?

Thank you

Hi,

we have an application in our DMZ that needs to use Active Directory
database for authentication.

Of course our AD domain controllers are in our LAN.

Is there a secure way to use AD Authentication for applications
localized in a DMZ ?

Thanks a lot.

Regards,

Pascal


One option is to use ADAM with userProxy objects which will forward
authentication requests to Your AD in LAN.

Other option is to use ADFS, but your application will have to be tested
if it will work with ADFS.

Third option is AD forest in Your DMZ which will have trust relationship
with Your main AD (I don't like such solution but this is also an
option)

Thank you Thomas,

Why the third option is less secure than ADFS or ADAM ?

Is there another solution with a radius in the DMZ that will forward the
authentication request to the DC in the LAN ?

Thanks

--
Pascal




.

Relevant Pages

  • Re: AD Authentication in a DMZ (up) ?
    ... ADFS or a specific forest only for Applications ressources. ... Can we use a RADIUS proxy in the DMZ that will sned authentication request from DMZ to DCs? ... Why the third option is less secure than ADFS or ADAM? ...
    (microsoft.public.windows.server.active_directory)
  • RE: AD in the DMZ . . . OK?
    ... If the only thing needed is authentication with userid/password, ... If I were to expose any AD domain to the DMZ, ... > interaction with one of our expert instructors. ... > Attend a course taught by an expert instructor with years of ...
    (Security-Basics)
  • Re: [SLE] cyrus configuration
    ... >>(I really don't want plaintext passwords unless it's between my LAN and DMZ) ... I have plaintext authentication against my /etc/passwd file. ... email server and since IMAP is only from the LAN it might be OK. ... I'm still not sure how to limit a DMZ service to a LAN subnet only. ...
    (SuSE)
  • Re: AD Authentication in a DMZ ?
    ... Is there a secure way to use AD Authentication for applications localized in a DMZ? ... One option is to use ADAM with userProxy objects which will forward authentication requests to Your AD in LAN. ... Other option is to use ADFS, but your application will have to be tested if it will work with ADFS. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Authentication on a DMZ ?
    ... How can I publish an application that is on my DMZ and that is using Active Directory authentication? ... The ports listed in our article only refers to ports needed to be open for replication, ... I dont want to put a domain controller on the DMZ for security reason. ... I would prefer to let the DC on the LAN and to configure my IIS Webserver in the DMZ to use "AD Authentication". ...
    (microsoft.public.windows.server.active_directory)
Loading