Hi Mathieu, You could use RADIUS proxy in order to forward to the correct RADIUS server. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx] Sent: Tuesday, July 04, 2006 12:20 PM To: Thomas W Shinder Cc: exchangelist@xxxxxxxxxxxxx Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains Hello Thomas, the problem is how ISA will find the good exchange to send the user to. And what happens if user A exist in both ? :) As I said before, there is no domain trust. I finally come with two DNS, each poiting to a different AD+Exchange thanks, Mathieu CHATEAU Tuesday, July 4, 2006, 6:56:19 PM, you wrote: > Or with ISA 2006 firewalls, you can use LDAP authentication. Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Sunday, July 02, 2006 12:29 AM To: Mathieu CHATEAU Cc: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains Using webmail.domain.tld & webmail2.domain.tld requires separate certs unless you go with a wildcard *.domain.tld cert. You'll have to use a RADIUS server per listener; this way, you can separate them to each domain. ________________________________ From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx] Sent: Sat 7/1/2006 2:13 PM To: Jim Harrison Cc: exchangelist@xxxxxxxxxxxxx Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains Hello Jim, * thanks for your answer ! i have many ip but the cert is just for one FQDN... Do you mean that radius will find in which AD the user exist and then redirect him to the good exchange ? cheers, Mathieu CHATEAU Saturday, July 1, 2006, 5:10:45 PM, you wrote: JH> http://www.msexchange.org <http://www.msexchange.org/> JH> -------------------------------------------------------How many JH> external IPs do you have to work with? JH> If you have more than one, the multiple cert idea will work. JH> Otherwise, you're going to have to use a wildcard cert on the ISA itself. JH> Regarding the use auth, all you need to do is use RADIUS for the non-trusted AD. JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine... JH> Make sure you have SP2 and the 916106 rollup installed and take a read here: JH> http://support.microsoft.com/kb/884560 JH> ------------------------------------------------------- JH> Jim Harrison JH> MCP(NT4, W2K), A+, Network+, PCG JH> http://isaserver.org/Jim_Harrison/ JH> http://isatools.org <http://isatools.org/> JH> Read the help / books / articles! JH> ------------------------------------------------------- JH> JH> -----Original Message----- JH> From: exchangelist-bounce@xxxxxxxxxxxxx JH> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu CHATEAU JH> Sent: Saturday, July 01, 2006 04:07 JH> To: exchangelist@xxxxxxxxxxxxx JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple domains JH> http://www.msexchange.org <http://www.msexchange.org/> JH> -------------------------------------------------------Hello exchangelist, JH> I am looking for a temporary solution. JH> Here is the setup: JH> One ISA 2004 acting as reverse proxy. JH> One AD with exchange 2003 JH> One AD with exchange 2003. JH> I must provide OWA & ActiveSync access to users in both domain from the ISA 2004. JH> There isn't domain trust between domains up to now. JH> I am thinking about doing something like: JH> webmail.XXX.com/Exchange/ JH> webmail.XXX.com/Exchange2/ JH> or: JH> webmail.XXX.com/Exxchange/ JH> webmail2.XXX.com/Exchange/ JH> The second looks much easier, but i only have one SSL JH> certificate, so would have to self generate for webmail2. JH> I need a temporary workaround, all users will be in one AD in a month. JH> I am using formbased on ISA. JH> Thanks in advance ! JH> Mathieu CHATEAU JH> http://lordoftheping.blogspot.com <http://lordoftheping.blogspot.com/> JH> ------------------------------------------------------- JH> List Archives: //www.freelists.org/archives/exchangelist/ JH> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp JH> MSExchange Articles and Tutorials: JH> http://www.msexchange.org/articles_tutorials/ JH> MSExchange Blogs: http://blogs.msexchange.org/ JH> ------------------------------------------------------- JH> Visit TechGenix.com for more information about our other sites: JH> http://www.techgenix.com <http://www.techgenix.com/> JH> ------------------------------------------------------- JH> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp JH> Report abuse to listadmin@xxxxxxxxxxxxxx JH> All mail to and from this domain is GFI-scanned. JH> ------------------------------------------------------- JH> List Archives: //www.freelists.org/archives/exchangelist/ JH> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp JH> MSExchange Articles and Tutorials: JH> http://www.msexchange.org/articles_tutorials/ JH> MSExchange Blogs: http://blogs.msexchange.org/ JH> ------------------------------------------------------- JH> Visit TechGenix.com for more information about our other sites: JH> http://www.techgenix.com <http://www.techgenix.com/> JH> ------------------------------------------------------- JH> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp JH> Report abuse to listadmin@xxxxxxxxxxxxxx -- Best regards, Mathieu mailto:gollum123@xxxxxxx All mail to and from this domain is GFI-scanned. -- Best regards, Mathieu mailto:gollum123@xxxxxxx