Hi guys,
My TMG 2010 is Single NIC / joined to corporate domain.
The need is for a corporate extranet: users are coming from different Active Directory forests/domains, and we are using FIM to gather all user identities in a single metadirectory => AD LDS.
In AD LDS, users are created as userProxy objects.
A good reference for Understanding Proxy Authentication in AD LDS: http://technet.microsoft.com/en-us/magazine/2008.12.proxy.aspx?pr=blog
Authentication method: Web publishing rule / No delegation, but client may authenticate directly / Web listener FBA with LDAP.
I made some tests to configure LDAP authentication with AD DS and everything is fine. :) But when I try to use LDAP authentication with AD LDS (where users are userProxy objects), it seems it's not working?
I followed this link: http://technet.microsoft.com/en-us/library/dd440987.aspx
I made a couple of network traces and I can see, during both LDAP authentications (AD DS or AD LDS), "Successful Bind request and response".
=> For LDAP authentication AD DS, users gain access to the web site.
=> For LDAP authentication AD LDS, FBA again and again...
In the TMG logs I found this slight difference for AD LDS: " -- green-- HTTP status code: 234 More data is available"?
Hence my question: Does TMG support LDAP authentication on AD LDS for "userProxy" objects?
Any hints would be appreciated :)
Stephane