Block anonymous traffic, grant forms based authentication to non authenticated users
-
Wednesday, 20 June 2012 10:34
Hi all,
I wanna do the following at my network.
Block and identify all anonymous traffic at my network.
All authenticated users can go to internet ok
But unauthenticated users are unable to go to the internet; how can I authenticate them to the LDAP server, because their PC is not on the domain, for example an external user that brings his PC .....
All replies
-
Wednesday, 20 June 2012 13:29
Hi,
if you want to block "all" anonymous traffic, all clients must have the TMG client installed. The TMG client allows Firewall policy rules based on users / user groups for all TCP/UDP protocols (no other protocols).
To get the TMG client working, the clients must be a member of the domain where TMG Server is also part of this domain.
For all users / clients which are not part of the domain you cannot use the TMG client. You have to use RADIUS for authentication but that has some limitations:
http://technet.microsoft.com/en-us/library/bb794762.aspx
http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Using-LDAP-RADIUS-Authentication.html
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
- Proposed as answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator), Thursday, 21 June 2012 06:30
- Marked as answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator), Wednesday, 27 June 2012 01:27
-
Wednesday, 20 June 2012 14:20
Ok, that's what I was thinking about.
All my domain clients have the TMG Client already, but I don't have any RADIUS server..... and can't I just have a box requesting a user and password for those outside users .....

