Re: Problem using RADIUS authentication on OWA web publishing rule

From: Davor Perat (davor.perat_at_del_this.perpetuum.hr)
Date: 11/19/04

  • Next message: Philip Herlihy: "Re: Question regarding Outlook 2000" 
    Date: Fri, 19 Nov 2004 09:01:22 +0100

    Yes, I am talking about RSA and something simillar. Thanx for yours replays.

    Davor

    "S. Pidgorny <MVP>" <SPidgornyMVP@discussions.microsoft.com> wrote in
    message news:6CB66306-C74E-44D0-BC4B-73A11023BE12@microsoft.com...
    > Is your "dynamic passwords" RSA SecurID or other one-time password system?
    >
    > We had this problem with SecurID, trying to adopt it for Web
    > authentication.
    > The problem is, every time you authenticate against ACE Server, current
    > password expires, and subsequent authentications (that may be required for
    > al
    > frames, or all HTML objects - depends on many factors) will have to use
    > new
    > passwords.
    >
    > We came to conclusion that SecurID is good enough for VPN and telnet
    > authentication but not for Web.
    >
    > Regards
    >
    > S.
    >
    > "Davor Perat" wrote:
    >
    >> Hello!
    >>
    >> I have a problem when using RADIUS authentication on OWA web publishing
    >> rule.
    >>
    >> Description:
    >>
    >> As I must use two types of authentication (RADIUS and FBA), I have use
    >> article found on ISAServer.org "ISA Server 2004: Supporting Both Basic
    >> and
    >> Forms-based Authentication with a Single External IP Address and Web
    >> Listener" to setup a configuration that uses 2 listeners, only external
    >> listener uses RADIUS, and internal listener uses FBA.
    >>
    >> Problem:
    >>
    >> Everything work fine when I authenticate to RADIUS server with static
    >> passwords, but problems occure when i try to authenticate to RADIUS
    >> server
    >> with dynamic passwords. Problem is that while user is browsing OWA site
    >> ISA
    >> repeatedly sends authentication requests to RADIUS Server. When dynamic
    >> password changes, user is required to login again. Is there a way to
    >> force
    >> ISA to authenticate only once in the beggining of session, and stay
    >> authenticated during complete OWA session?
    >>
    >> Davor
    >>
    >>
    >>
    >>

  • Next message: Philip Herlihy: "Re: Question regarding Outlook 2000"

    Relevant Pages

    • Re: use of RADIUS
      ... trying to access with the authentication type set to WebAuth. ... User opens up application, Netscreen sees host has authenticated and ... No RADIUS necessary. ... If it did and I installed a RADIUS server inside I am curious how the ...
      (comp.security.firewalls)
    • Cisco Security Advisory: RADIUS Authentication Bypass
      ... Cisco Security Advisory: RADIUS Authentication Bypass ... Cisco has made free software available to address this vulnerability. ...
      (Bugtraq)
    • [Full-disclosure] Cisco Security Advisory: RADIUS Authentication Bypass
      ... Cisco Security Advisory: RADIUS Authentication Bypass ... Cisco has made free software available to address this vulnerability. ...
      (Full-Disclosure)
    • Re: Cisco 1200 EAP setup
      ... I am unfamiliar with windows radius, unix uses a shared secret, does ... authenticate wireless users using EAP to our Windows RADIUS server. ... authentication request to the RADIUS server. ... AAA Authentication debugging is on ...
      (comp.dcom.sys.cisco)
    • Re: use of RADIUS
      ... > trying to access with the authentication type set to WebAuth. ... No RADIUS necessary. ... I tried looking for manuals before asking ... If it did and I installed a RADIUS server inside I am curious how ...
      (comp.security.firewalls)