+ Post New Thread
Results 1 to 7 of 7
Internet Related/Filtering/Firewall Thread, Authenticating from local domain against remote domain proxy in Technical; I thought I'd open this problem up to hopefully get some different perspectives. The problem is as follows: As a ...
  1. #1

    Join Date
    Jan 2009
    Posts
    12
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Authenticating from local domain against remote domain proxy

    I thought I'd open this problem up to hopefully get some different perspectives. The problem is as follows:

    As a school we support our primary cluster in their ICT and for a significant period of time now they have had to authenticate against our GFL proxy to gain internet access. It has always been a problem to the teachers in the primary's to try and get young children to remember the log on details, and the initial concept of authenticating was to track users browsing habits. This never materialised though and is now used for filtering.

    I'm looking for ideas really how I can get rid of the secondary authentication for internet access. The primary schools log on to the computers within school, all have Windows Server 2003 DC. The secondary authentication then ties into the GFL Smoothwall filtering and I do not think that an ISA server in each school is a viable option as they would then require local filtering also which is unpractical.

    Google throws up interesting options such as ADFS but haven't really found any references to using it in a situation such as this.

    Just wanted to get the opinion of others to see if they've encountered this issue and/or solved it.

    I appreciate any replies.

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,882
    Thank Post
    518
    Thanked 2,486 Times in 1,928 Posts
    Blog Entries
    24
    Rep Power
    838
    An ISA box in each school, with upstream proxy set to your proxy? ie. the ISA boxes take care of the auth stuff, and pass requests on to your server which will handle the filtering?

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454
    Quote Originally Posted by localzuk View Post
    An ISA box in each school, with upstream proxy set to your proxy? ie. the ISA boxes take care of the auth stuff, and pass requests on to your server which will handle the filtering?
    You could do this. A free option would be to use Smoothwall Express. This will allow you to do this.

  4. #4
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    38
    Quote Originally Posted by localzuk View Post
    An ISA box in each school, with upstream proxy set to your proxy? ie. the ISA boxes take care of the auth stuff, and pass requests on to your server which will handle the filtering?
    This is how i would do it as well... perhaps i would replace your server with an TMG array as well.. the you can use TMG firewall chaining

    bio..

  5. #5

    Join Date
    Jan 2009
    Posts
    12
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for your contributions, I'll look into those options

  6. #6

    Join Date
    Jan 2009
    Posts
    12
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I must add though, (apologies for not putting this in my original post), that credentials in the local domain are different than that in the remote domain. Remote domain credentials are required for filtering of staff against students, hence why I wondered if ADFS was of any use as local and remote domain credentials can remain the same but a group be 'agreed' for authorised access. Smoothwall and ISA will assume a single identity from the local domain and not differentiate users

  7. #7

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,882
    Thank Post
    518
    Thanked 2,486 Times in 1,928 Posts
    Blog Entries
    24
    Rep Power
    838
    ADFS doesn't work with ISA or TMG as far as I know. (ISA is now 4 years old, so out of date)

    Also, regarding TMG - as far as I know you can set up 2 upstream proxy settings. ie. you can get it to use the same server but different credentials, based on the authenticated user.

SHARE:
+ Post New Thread

Similar Threads

  1. Authenticating Non domain machines on a RADIUS wireless system using IAS.
    By maniac in forum Network and Classroom Management
    Replies: 5
    Last Post: 11th May 2011, 11:46 PM
  2. having to type in domain.local
    By C3sium in forum Windows
    Replies: 7
    Last Post: 12th October 2010, 02:42 PM
  3. Windows 98 on domain: Local login
    By AntiThesis in forum Windows
    Replies: 18
    Last Post: 7th June 2009, 08:20 PM
  4. Domain Local Admins - Does not have admin rights
    By dhoward_westexetc in forum Windows
    Replies: 2
    Last Post: 7th July 2008, 10:43 AM
  5. Local HOSTS file ignored on a domain
    By eejit in forum Windows
    Replies: 19
    Last Post: 24th June 2005, 02:10 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •