Konne <bridge_stone@gmx.net> wrote:
Freeradius looks in the ActiveDirectory if the user exists and has the rights to connect to the internet. if the authentication is ok, the user must surf over a ISA because there is installed websense.
That's not helpful. You're saying that even though you know only authenticated users access your net, you still make them authenticate again?
is it possible to have a transparent authentication through the isa-server. i mean if the client is in the condition that he can send the ntlm authentication, that he doestn't have to authenticate twice times. one time on the chillispot and the second on the isa server. is there any possibilty?
The only way to do that is if the RADIUS server can tell the isa that the user is OK, and they don't have to be authenticated. See the isa docs for if this is possible, and if possible, how. Then write a script on FreeRADIUS to send the information isa needs. In general, what you want to do is difficult, because most people don't do it. And most people don't do it because authenticating people twice is pointless/ Alan DeKok.