General discussion

Locked

isa authentication

By elemzy ·
i have an isa server, i configure authentication based on connecting IP adresses using client adress set. but in my usage report, isa shows ip adrresses instead of names.
But when i try to configure authentication based on username/domain password (AD. i found out that isa keeps asking for authentication to view every page/websites.
is there no way to integrate isa with AD? so that permission is picked from AD instead of bogging users.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to isa authentication

absolutely!

create a security group in AD. for those users you want internet access, add them to that group.

In ISA server under servers and arrays, your server, Access Policy, Site & Content Rule create a rule for http access and use that AD group in the "Applies To" portion of the access policy [or modify your existing web access rule Applies To and use the AD group].

Collapse -

by CG IT In reply to

Note: make sure all computers have the ISA server firewall client program installed.

Collapse -

by CG IT In reply to

another note: ONLY those users who are members of that group will get internet access. All others will get the ISA Server policy "denies access" error page. If you want ALL users to have internet access In ISA server site and content rule, applies to, choose "everyone".

Collapse -

by elemzy In reply to

Poster rated this answer.
i did that but isa keeps asking users to authenticate by typing username, passwords and domain before they view any website, this i dont dont want.
isnt isa capable of onetime authentication, based on users login to AD

Collapse -

by CG IT In reply to isa authentication

sheesh heres the step by step [this is on the Microsoft help & support site for ISA server under provide internet access for DSL through ISA server]

Open up ISA server management console. In the left pane expand servers & arrays until you get to your server. Expand Site and Content Rules. If there is a rule there [which there should be, the default allow rule] make sure that rule is enabled. Now create a new rule and name it something like "Internet users allow rule" configure the rule like this. Generals tab, check the box enable this filter, Destinations tab, ALL EXTERNAL, Schedules tab, whatever schedule you want them to have access. suggest you use 24/7 until your sure the damn thing works]. Action tab ALLOW enabled, Applies to tab, specify the AD group you created. HTTP content check ALL content groups.

NEXT, under protocol rule properties make there should be a default rule [if there isn't one create one]the properties for the default rule need to be as follows : Generals tab check the box enable, Action tab Check the button Allow, Protocol tab, make sure ALL IP traffic is shown from the pull down menu, Schedule tab, 24/7 , Applies to tab, the AD group for internet users.

Collapse -

by CG IT In reply to

make sure the firewall client program is running on all workstations that have to have internet access AND make sure the web proxy is a port other than port 80. IIS uses port 80 so ISA server has to use a port other than port 80 to grant users internet access. Usually using the ISA server wizard, the wizard configures it for port 8080. LIST that as the proxy server settings for client computers. ALL clients use the firewall client program proxy server settings. Web browsers have to be configured to use the proxy server settings [or you can use computer GP and specify the settings] either way browsers HAVE to use proxy server.

Collapse -

by CG IT In reply to

now I know this works cuz this is how I have my ISA server configured. If it doesnt work for you , ah well I 'll throw a paper wad, yell boooo and claim operator error.

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums