I have a publishing rule for an internal website set up with LDAP authentication for two different domains: the domain the TMG 2010 is joined to (domain1) and another external domain (domain2). I want users from either domain to be able to authenticate, and I thought it was working perfectly, but I found that anyone from domain2 can authenticate successfully (anyone can authenticate from domain1, but that's okay).
I have an LDAP user set with the AD group from domain2 that I want to allow access, but the TMG doesn't seem to adhere to this and lets any authenticated user from that domain in. I have added both user sets for domain1 and domain2 to "This rule applies to requests from the following user sets:" under the Users tab in the publishing rule.
Any clues?