Configure ISA Server 2006 for LDAP Authentication
Page 15/147 | Date: 21.03.2017 | Size: 1.65 MB | #1016
LDAP authentication is similar to Active Directory authentication, except that the ISA Server computer does not have to be a member of the domain. ISA Server 2006 connects to a configured LDAP server over the LDAP protocol to authenticate the user. Every Windows domain controller is also an LDAP server, by default, with no additional configuration changes required. By using LDAP authentication, you get the following benefits:
In this section you will do the following: create an LDAP server set, create an LDAP user set, and confirm the idle session timeout on the Web listener.
For more information about LDAP Configuration, see Appendix B of the Secure Application Publication article on Microsoft TechNet. http://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx#AppendixB
Create an LDAP Server Set
Perform the following procedure to create an LDAP Server set:
For Standard Edition, perform the following procedure on computer isa01.
For Enterprise Edition, perform the following procedure on computer storage01.
To Create an LDAP Server Set
1. In the console tree of ISA Server Management, click General:
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand isa01, expand Configuration, and then click General.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand main, expand Configuration, and then click General.
2. In the details pane, click Specify RADIUS and LDAP Servers.
3. On the LDAP Servers Sets tab, click Add to open the Add LDAP Server Set dialog box.
4. In LDAP server set name, type CorpLDAP.
5. Click Add to add each LDAP server name or IP address.
6. In Server name, type dc01 and click OK.
7. Click OK to close the Add LDAP Server Set dialog box.
8. Click New to open the New LDAP Server Mapping dialog box.
9. In Login expression, type corp\*. In LDAP server set, select CorpLDAP, and click OK.
10. Click Close to close the Authentication Servers window.
For more information on LDAP Server settings, see Appendix B: LDAP Configuration in the Microsoft TechNet article, Secure Application Publishing at http://go.microsoft.com/fwlink/?LinkID=87069.
Create an LDAP User Set
To authenticate users through LDAP, you need to determine which users to authenticate and who authenticates the users. To do this, you need to create an LDAP user set.
Perform the following procedure to create an LDAP user set:
For Standard Edition, perform the following procedure on computer isa01.
For Enterprise Edition, perform the following procedure on computer storage01.
1. In the console tree of ISA Server Management, click Firewall Policy, and then complete the New User Set Wizard with the following settings:

Page | Field or property | Setting
Welcome | User set name | Type LDAPUsers.
Users | Select the users to include in this user set. | Click Add, and select LDAP.
Add LDAP User | LDAP server set | Select CorpLDAP, the LDAP server set, from the drop-down list.
Add LDAP User | User name | Select All Users in this namespace. Note: You can also specify user groups or specific user accounts if you do not want all users to be part of this LDAP user set.
Completing the New User Set Wizard | Review settings. | Click Back to make changes and Finish to complete the wizard.

2. Click the Apply button in the details pane to save the changes and update the configuration.
Set the Idle Session Timeout for All Firewalls and Network Appliances to 1800 seconds
In this step, you will modify the idle session timeout time on all firewalls, proxy servers, and other network appliances to accommodate the time required for successful function of the direct push technology.
The default idle session timeout in ISA Server 2006 is 1800 seconds, so you should not need to modify it.
For more information about modifying the idle session timeout time, see "Configuring your Firewall for Optimal Direct Push Performance" in the Best Practices for Deploying a Mobile Messaging Solution section in this document.
To confirm the firewall Idle Session Timeout
1. In the console tree of ISA Server Management, click Firewall Policy.
2. On the Toolbox tab, click Network Objects.
3. From the list of folders, expand the Web Listeners node, and view the Properties of the appropriate Web Listener.
4. Select the Connections tab and then click the Advanced… button.
5. Make sure the Connection Timeout is set at 1800 seconds (30 minutes). Change it if needed.
6. Click OK twice to accept any change.
7. Click Apply to make these changes.
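The login expression mapping (corp\* to CorpLDAP) created above and the 1800-second connection timeout confirmed in this procedure are the two settings most often misconfigured. The following Python script is an added example, not part of this document or of ISA Server, that models how a login is mapped to an LDAP server set and flags logins that no mapping covers, plus the timeout check; the sample values mirror the procedure, and first-match-wins, case-insensitive matching is an assumption.

```python
import fnmatch

# Constructed sample mirroring the values typed in the procedures above.
SERVER_SETS = {"CorpLDAP": ["dc01"]}       # LDAP server set name -> servers in the set
MAPPINGS = [("corp\\*", "CorpLDAP")]       # (login expression, server set), in order
LISTENER_CONNECTION_TIMEOUT = 1800         # seconds, Web Listener > Connections > Advanced
DIRECT_PUSH_MIN_TIMEOUT = 1800             # seconds, the value this document asks you to confirm


def resolve_server_set(login, mappings=MAPPINGS, server_sets=SERVER_SETS):
    """Return (server set name, servers) that ISA would use for `login`, or None.

    A login expression is a wildcard pattern ('*' matches any run of characters)
    compared against the full login as the user types it, e.g. corp\\alice.
    Assumptions: mappings are tried in order and the first match wins; the
    comparison is case-insensitive, as Windows logon names are.
    """
    for expression, set_name in mappings:
        if fnmatch.fnmatchcase(login.lower(), expression.lower()):
            return set_name, server_sets[set_name]
    return None


def unmapped_logins(logins, mappings=MAPPINGS):
    """Logins that no mapping covers: with only corp\\* configured, a bare user
    name or a UPN-style login is never sent to any LDAP server and so fails."""
    return [login for login in logins if resolve_server_set(login, mappings) is None]


def listener_timeout_ok(timeout_seconds, minimum=DIRECT_PUSH_MIN_TIMEOUT):
    """True when the Web Listener connection timeout is at least the value
    this document requires for direct push (1800 seconds, 30 minutes)."""
    return timeout_seconds >= minimum


if __name__ == "__main__":
    print(resolve_server_set("corp\\alice"))
    print(unmapped_logins(["corp\\alice", "alice", "alice@corp.example"]))
    print(listener_timeout_ok(LISTENER_CONNECTION_TIMEOUT))
```

Run it with the logon formats your users actually type; any login reported as unmapped needs either a further login expression or user education, since ISA Server will reject it before any LDAP bind is attempted.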