We have a server that is externally accessible. The intranet has a user database associated to it (that is different from our main user ad)
That works fine.
We then need an internal authentication via AD that will take us to the external server. This doesnt work!
How do you lot deal with staff authenticated externaly available sites?
Depending on what you are hosting you intranet with (LAMP, IIS, etc) or whether you are based round a CMS / VLE / MLE (or other TLA) you have a few options.
In apache you have PAM which can allow you to authenticate against AD (and then write the details into a file that you can look at later) ... this takes a bit of setting up and the Linux crew will be able to help more with this than me.
In IIS you have a basic option of changing the security permissions on certain folders not to allow the IUSR_Machinename accessm but to allow domain users ... meaning that a login window pops up. Very basic and not very granular.
More details at http://www.windowsitpro.com/Article/...217/40217.html
Other options include using an ASP login page to authenticate against the database and if it fails the authenticate against the AD ... writing the successful password into the database. I remember seeing an example of this on the M$ scripting tutorials about 2 years ago ... that would be a good place to start as well as the IIS technical resource page.
A number of VLE / CMS solutions can allow you AD authentication. Moodle (free) and FirstClass (from Open Text) are what we use and they both work with the AD.
Funkier commercial solutions also exist.
Couldn't you use basic authentication in IIS and SSL?
Well our server is a Linux machine with Moodle on it. Moodle understands how to deal with AD directly with LDAP (well not quite, but its fairly easy once you know what to type in the relevant box).
OTOH MRBS requires some voodoo with Samba, Kerberos, LDAP and WinBind. Its the same basic principle as Squid uses. Shout for further help if you need it.
Ok some clarification.
This is a server that is purely a web server and is not connected to our internal domain in any way, so I cant directly apply the internal authentication to it (we not to authenticate against the AD)
I have heard mention of SSL with LDAP, but am not sure how I go about setting up LDAP on our AD.
What platform?
Me thinks Me.Confused = True
BUT SHOUTS for help as per Geoffs suggestion lol.
www.w3schools.com would be a good place to start imho and also webwizguide.com for IIS related issues.
Not really sure how to authenticate against AD but I am guessing that will be an LDAP issue that or ADSI ( As im not really certain what you would need to use for that ) Am still learning that myself lol obviously.
Would be nice to get a working example of it if anyone figures it out.
The exact site for webwizguide is :
http://webwizguide.com/asp/tutorials/default.asp
And they have other sub menus / links on that site for other things obviously but that will show you how to configure IIS, and also the FAQ section or one of the other sections has a page of Error Messages that you may get and gives you pretty good possible soltions to those error messages and what they mean more or less ( I thought it was pretty good anyway )
THe server that has the site on is windows 2003 with IIS6
This is the externally accessible server that will need a login box to pop up
The server that is internal is Windows 2000 with IIS5 and is the server that needs to authenticate against the domain, that will let staff group members in without a login.
Use RADIUS to authenticate when servers are not connected to domains. Windows has a RADIUS server built in but not enabled its called Internet Authentication Server (IAS).
I think IIS support RADIUS because it uses basic authentication. Make sure you secure the traffic by SSL for the password bit anyway.
Ashok.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote