Hi,
Thanks for the reply.
So what you're saying is basically is our ORPS box needs to/can do the AD authentication bit itself? I suppose that makes sense really, because why bother bouncing it off of ISE if it doesn't need to. I had always envisioned sending *everything* back to ISE, come what may. I suppose I can do that (means a lot less config on the ORPS), but then why bother overall. Also it'd probably lighten the load on licences.
Something to ponder there.
--
David Rickard
Systems Manager
IT - Core Systems Team
Buckinghamshire New University
High Wycombe Campus
Queen Alexandra Road
High Wycombe
Buckinghamshire HP11 2JZ
Telephone: 01494 601 649
Facsimile: 01494 524 392
Main Switchboard: 01494 522 141, ext. 1649
bucks.ac.uk
-----Original Message-----
From: Phil Mayers [mailto:[log in to unmask]]
Sent: 29 July 2014 18:03
To: David Rickard; [log in to unmask]
Subject: Re: Organisational Proxy Setup
On 29/07/2014 18:01, Phil Mayers wrote:
> # check for loops
> if (User-Name =~ /^.*@bucks.ac.uk/i) {
> reject
> }
> #
> if (User-Name =~ /^.*@bucks.ac.uk/i) {
> reject
> }
>
Sorry, copy & paste error. Don't need to check it twice...
|