[ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 7 Jul 2006 12:42:23 -0500

In ISA 2006, you can use specific LDAP servers and then filter on a
string, such as the string for the log on domain. Very cool.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
        Sent: Wednesday, July 05, 2006 7:44 PM
        To: Mathieu CHATEAU
        Cc: exchangelist@xxxxxxxxxxxxx
        Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

        Hi Mathieu,

        You could use RADIUS proxy in order to forward to the correct RADIUS server.

        HTH,
        Tom
         
        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls

         


________________________________

                From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
                Sent: Tuesday, July 04, 2006 12:20 PM
                To: Thomas W Shinder
                Cc: exchangelist@xxxxxxxxxxxxx
                Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

                Hello Thomas,

                The problem is how ISA will find the good Exchange to send the user to.

                And what happens if user A exists in both? :)

                As I said before, there is no domain trust.

                I finally came up with two DNS, each pointing to a different AD+Exchange.

                thanks,

                Mathieu CHATEAU

                Tuesday, July 4, 2006, 6:56:19 PM, you wrote:

Or with ISA 2006 firewalls, you can use LDAP authentication.

Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, July 02, 2006 12:29 AM
To: Mathieu CHATEAU
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

Using webmail.domain.tld & webmail2.domain.tld requires separate certs
unless you go with a wildcard *.domain.tld cert.

You'll have to use a RADIUS server per listener; this way, you can
separate them to each domain.

________________________________

From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
Sent: Sat 7/1/2006 2:13 PM
To: Jim Harrison
Cc: exchangelist@xxxxxxxxxxxxx
Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

Hello Jim,

Thanks for your answer!

I have many IPs but the cert is just for one FQDN...

Do you mean that RADIUS will find in which AD the user exists and then
redirect him to the good Exchange?

cheers,
Mathieu CHATEAU

Saturday, July 1, 2006, 5:10:45 PM, you wrote:

JH> http://www.msexchange.org <http://www.msexchange.org/>
JH> -------------------------------------------------------
JH> How many external IPs do you have to work with?
JH> If you have more than one, the multiple cert idea will work.
JH> Otherwise, you're going to have to use a wildcard cert on the ISA itself.
JH>
JH> Regarding the use auth, all you need to do is use RADIUS for the non-trusted AD.
JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine...
JH>
JH> Make sure you have SP2 and the 916106 rollup installed and take a read here:
JH> http://support.microsoft.com/kb/884560
JH>
JH> -------------------------------------------------------
JH>    Jim Harrison
JH>    MCP(NT4, W2K), A+, Network+, PCG
JH>    http://isaserver.org/Jim_Harrison/
JH>    http://isatools.org <http://isatools.org/>
JH>    Read the help / books / articles!
JH> -------------------------------------------------------
JH>
JH> -----Original Message-----
JH> From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu CHATEAU
JH> Sent: Saturday, July 01, 2006 04:07
JH> To: exchangelist@xxxxxxxxxxxxx
JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple domains
JH>
JH> http://www.msexchange.org <http://www.msexchange.org/>
JH> -------------------------------------------------------
JH> Hello exchangelist,
JH>
JH> I am looking for a temporary solution.
JH> Here is the setup:
JH> One ISA 2004 acting as reverse proxy.
JH> One AD with Exchange 2003.
JH> One AD with Exchange 2003.
JH>
JH> I must provide OWA & ActiveSync access to users in both domains from the ISA 2004.
JH> There isn't domain trust between domains up to now.
JH>
JH> I am thinking about doing something like:
JH> webmail.XXX.com/Exchange/
JH> webmail.XXX.com/Exchange2/
JH>
JH> or:
JH> webmail.XXX.com/Exchange/
JH> webmail2.XXX.com/Exchange/
JH>
JH> The second looks much easier, but I only have one SSL
JH> certificate, so would have to self generate for webmail2.
JH>
JH> I need a temporary workaround, all users will be in one AD in a month.
JH>
JH> I am using form-based on ISA.
JH>
JH> Thanks in advance!
JH> Mathieu CHATEAU
JH> http://lordoftheping.blogspot.com <http://lordoftheping.blogspot.com/>
JH>
JH> -------------------------------------------------------

JH> List Archives: //www.freelists.org/archives/exchangelist/

JH> MSExchange Newsletter:
http://www.msexchange.org/pages/newsletter.asp

JH> MSExchange Articles and Tutorials:

JH> http://www.msexchange.org/articles_tutorials/

JH> MSExchange Blogs: http://blogs.msexchange.org/

JH> -------------------------------------------------------

JH> Visit TechGenix.com for more information about our other sites:

JH> http://www.techgenix.com <http://www.techgenix.com/> 

JH> -------------------------------------------------------

JH> To unsubscribe visit
http://www.msexchange.org/pages/exchangelist.asp

JH> Report abuse to listadmin@xxxxxxxxxxxxxx







JH> All mail to and from this domain is GFI-scanned.

















--

Best regards,

 Mathieu                            mailto:gollum123@xxxxxxx





                
                

                
                

                
                

                
                

                -- 

                Best regards,

                 Mathieu
mailto:gollum123@xxxxxxx
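
An added illustration (not code from the thread or from ISA Server) of the login-string filtering mentioned in the first message: each login expression selects one LDAP server set, so two untrusted domains can be authenticated behind one listener. The domain names, server-set names and the policy of refusing ambiguous logins are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed sample rules: login expression -> LDAP server set.
# All names here are hypothetical placeholders, not values from the thread.
LOGIN_RULES = [
    ("CORPA\\*", "ldap-set-corpa"),
    ("*@corpa.example", "ldap-set-corpa"),
    ("CORPB\\*", "ldap-set-corpb"),
    ("*@corpb.example", "ldap-set-corpb"),
]


def select_server_set(login, rules=LOGIN_RULES):
    """Return the single server set whose expression matches the login.

    Returns None when no rule matches (for example a bare user name with
    no domain part) or when rules for different server sets both match.
    Refusing in those cases avoids validating "user A" against whichever
    directory happens to be tried first when the account exists in both.
    """
    candidate = login.strip().lower()
    matched = {
        target
        for pattern, target in rules
        # fnmatchcase: '*' is the only wildcard used; backslash is literal.
        if fnmatchcase(candidate, pattern.lower())
    }
    if len(matched) != 1:
        return None
    return matched.pop()


if __name__ == "__main__":
    # Constructed sample logins covering the unambiguous and ambiguous cases.
    for sample in ("CORPA\\alice", "alice@corpb.example", "alice",
                   "corpa\\bob@corpb.example"):
        print(f"{sample!r:32} -> {select_server_set(sample)}")
```
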
