[isalist] Re: Question on LDAP authentication in ISA2k6

• From: "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Fri, 13 Oct 2006 09:42:02 +0200

http://www.ISAserver.org
-------------------------------------------------------

So my assumtion that LDAP authentication in ISA2k6 uses a standard LDAP bind
is wrong? There is an undocumented way to do an LDAP authentication against a
domain controller?
Don't get the wrong impression I'm not playing the wise guy I'm just
interested in how it's done.

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Friday, October 13, 2006 00:43
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Question on LDAP authentication in ISA2k6
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> That's incorrect. 
> Authentication has no mandatory relationship to encryption.
> 
> ISA communication to CSS ADAM is *always* encrypted.
> ISA communication to AD or other LDAP is encrypted *if* the 
> destination allows and accepts it.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Han Valk
> Sent: Thursday, October 12, 2006 10:29
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Question on LDAP authentication in ISA2k6
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Because I want to know if there's any encryption involved. 
> Simple LDAP bind = clear text credentials. Non-simple bind = 
> possibility to use encryption. 
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Thursday, October 12, 2006 18:46
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Question on LDAP authentication in ISA2k6
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > Not documented, not scannable (encrypted, even without SSL). 
> > Why is this interesting to you?
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Han Valk
> > Sent: Thursday, October 12, 2006 09:09
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Question on LDAP authentication in ISA2k6
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > Hi list,
> > 
> > I assume that LDAP authentication in ISA2k6 works using a 
> LDAP bind. 
> > What kind of bind is used, simple bind or non-simple bind? Or is my 
> > assumption wrong?
> > 
> > Regards,
> > Han Valk.
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials: 
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials: 
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• References:
  • [isalist] Re: Question on LDAP authentication in ISA2k6
    • From: Jim Harrison

Other related posts:

• » [isalist] Question on LDAP authentication in ISA2k6
• » [isalist] Re: Question on LDAP authentication in ISA2k6
• » [isalist] Re: Question on LDAP authentication in ISA2k6
• » [isalist] Re: Question on LDAP authentication in ISA2k6
• » [isalist] Re: Question on LDAP authentication in ISA2k6
• » [isalist] Re: Question on LDAP authentication in ISA2k6

1. Home
2. isalist
3. Archive
4. 10-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---