[ExchangeList] Re: ISA 2004 as OWA FE and multiple domains
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "Mathieu CHATEAU" <gollum123@xxxxxxx>
- Date: Wed, 5 Jul 2006 19:43:51 -0500
Hi Mathieu,
You could use RADIUS proxy in order to forward to the correct RADIUS
server.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
Sent: Tuesday, July 04, 2006 12:20 PM
To: Thomas W Shinder
Cc: exchangelist@xxxxxxxxxxxxx
Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple
domains
Hello Thomas,
the problem is how ISA will find the good exchange to send the
user to.
And what happens if user A exist in both ? :)
As I said before, there is no domain trust.
I finally come with two DNS, each poiting to a different
AD+Exchange
thanks,
Mathieu CHATEAU
Tuesday, July 4, 2006, 6:56:19 PM, you wrote:
>
Or with ISA 2006 firewalls, you can use LDAP authentication.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, July 02, 2006 12:29 AM
To: Mathieu CHATEAU
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains
Using webmail.domain.tld & webmail2.domain.tld requires separate certs
unless you go with a wildcard *.domain.tld cert.
You'll have to use a RADIUS server per listener; this way, you can
separate them to each domain.
________________________________
From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
Sent: Sat 7/1/2006 2:13 PM
To: Jim Harrison
Cc: exchangelist@xxxxxxxxxxxxx
Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains
Hello Jim,
*
thanks for your answer !
i have many ip but the cert is just for one FQDN...
Do you mean that radius will find in which AD the user exist and then
redirect him to the good exchange ?
cheers,
Mathieu CHATEAU
Saturday, July 1, 2006, 5:10:45 PM, you wrote:
JH> http://www.msexchange.org <http://www.msexchange.org/>
JH> -------------------------------------------------------How many
JH> external IPs do you have to work with?
JH> If you have more than one, the multiple cert idea will work.
JH> Otherwise, you're going to have to use a wildcard cert on the ISA
itself.
JH> Regarding the use auth, all you need to do is use RADIUS for the
non-trusted AD.
JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine...
JH> Make sure you have SP2 and the 916106 rollup installed and take a
read here:
JH> http://support.microsoft.com/kb/884560
JH> -------------------------------------------------------
JH> Jim Harrison
JH> MCP(NT4, W2K), A+, Network+, PCG
JH> http://isaserver.org/Jim_Harrison/
JH> http://isatools.org <http://isatools.org/>
JH> Read the help / books / articles!
JH> -------------------------------------------------------
JH>
JH> -----Original Message-----
JH> From: exchangelist-bounce@xxxxxxxxxxxxx
JH> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu
CHATEAU
JH> Sent: Saturday, July 01, 2006 04:07
JH> To: exchangelist@xxxxxxxxxxxxx
JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple domains
JH> http://www.msexchange.org <http://www.msexchange.org/>
JH> -------------------------------------------------------Hello
exchangelist,
JH> I am looking for a temporary solution.
JH> Here is the setup:
JH> One ISA 2004 acting as reverse proxy.
JH> One AD with exchange 2003
JH> One AD with exchange 2003.
JH> I must provide OWA & ActiveSync access to users in both domain from
the ISA 2004.
JH> There isn't domain trust between domains up to now.
JH> I am thinking about doing something like:
JH> webmail.XXX.com/Exchange/
JH> webmail.XXX.com/Exchange2/
JH> or:
JH> webmail.XXX.com/Exxchange/
JH> webmail2.XXX.com/Exchange/
JH> The second looks much easier, but i only have one SSL
JH> certificate, so would have to self generate for webmail2.
JH> I need a temporary workaround, all users will be in one AD in a
month.
JH> I am using formbased on ISA.
JH> Thanks in advance !
JH> Mathieu CHATEAU
JH> http://lordoftheping.blogspot.com
<http://lordoftheping.blogspot.com/>
JH> -------------------------------------------------------
JH> List Archives: //www.freelists.org/archives/exchangelist/
JH> MSExchange Newsletter:
http://www.msexchange.org/pages/newsletter.asp
JH> MSExchange Articles and Tutorials:
JH> http://www.msexchange.org/articles_tutorials/
JH> MSExchange Blogs: http://blogs.msexchange.org/
JH> -------------------------------------------------------
JH> Visit TechGenix.com for more information about our other sites:
JH> http://www.techgenix.com <http://www.techgenix.com/>
JH> -------------------------------------------------------
JH> To unsubscribe visit
http://www.msexchange.org/pages/exchangelist.asp
JH> Report abuse to listadmin@xxxxxxxxxxxxxx
JH> All mail to and from this domain is GFI-scanned.
JH> -------------------------------------------------------
JH> List Archives: //www.freelists.org/archives/exchangelist/
JH> MSExchange Newsletter:
http://www.msexchange.org/pages/newsletter.asp
JH> MSExchange Articles and Tutorials:
JH> http://www.msexchange.org/articles_tutorials/
JH> MSExchange Blogs: http://blogs.msexchange.org/
JH> -------------------------------------------------------
JH> Visit TechGenix.com for more information about our other sites:
JH> http://www.techgenix.com <http://www.techgenix.com/>
JH> -------------------------------------------------------
JH> To unsubscribe visit
http://www.msexchange.org/pages/exchangelist.asp
JH> Report abuse to listadmin@xxxxxxxxxxxxxx
--
Best regards,
Mathieu mailto:gollum123@xxxxxxx
All mail to and from this domain is GFI-scanned.
--
Best regards,
Mathieu mailto:gollum123@xxxxxxx
Other related posts:
