>Aside from the built-in NT Domain option, it is technically feasible,
>though AFAIK not field-proven, that you could link Imail to an LDAP
>server such as Active Directory using ODBC. This would be a read-only
>connection with obvious limitations. Imail doesn't speak RADIUS
>natively.

This is what I was hoping someone had perhaps worked out already! :-) We can't be the only folks trying to secure our network. Win2K can support Radius, LDAP, and Kerberos authentication. Even SP2 of Exchange (pucker factor on) now offers LDAP as a DMZ authentication option.

>You can just put them in the same domain, period--one as BDC and one
>as PDC. No reason to use trusts. The ports and the like are documented
>all over the net. BUT...be aware that you are opening up NetBIOS
>ports, which may be exactly why you have a DMZ!

Ouch!!! That is not an option. We are trying to protect our internal network, so having any DC (other than a separate one-way trusted domain) is out. Inbound Radius, LDAP or Kerberos authentication would be ideal, particularly if we could control the ports. I cringe at the thought of NetBIOS. Otherwise, should this DC be compromised, we are sitting ducks for all our servers.

Are there any plans by IPSwitch to add some additional authentication mechanisms?
