The FPCUserMapping object represents the user mapping that is used to map VPN clients connecting with an ISA Server computer using a non-Windows authentication method (RADIUS authentication) to mirrored Active Directory accounts in the Windows namespace. The Domain property of the FPCUserMapping object specifies a domain name that ISA Server can combine with a user name in the user mapping process when the user name supplied does not contain a domain name. As a result, access rules that specify user sets containing Windows users and groups are also applied to non-Windows authenticated users that do not use Windows.
When RADIUS authentication with the Challenge Handshake Authentication Protocol (CHAP), the Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP), the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), or any type of the Extensible Authentication Protocol (EAP) is used, the domain specified in the user mapping is used to match the VPN client to a mirrored Active Directory account if the user mapping is enabled. When the Password Authentication Protocol (PAP) or the Shiva Password Authentication Protocol (SPAP) is used, the domain name is always ignored, the VPN client can be matched to an Active Directory account in the local domain if the ISA Server computer belongs to a domain or to a local user account on the ISA Server computer if the ISA Server computer belongs to a workgroup.
The user mapping can be used only when the ISA Server computer belongs to a domain. It should not be enabled in a workgroup environment if CHAP, MS-CHAP, MS-CHAP v2, or EAP is enabled.
Click here to see the ISA Server object hierarchy.
The FPCUserMapping object defines the following methods.
|Refresh||Reads the values of all of the object's properties from persistent storage, discarding any changes that have not been saved.|
|Save||Writes the current values of all of the object's properties to persistent storage.|
The FPCUserMapping object has the following properties.
|Domain||Gets or sets the domain name that ISA Server can combine with a user name in the user mapping process when the user name supplied does not contain a domain name.|
|Enabled||Gets or sets a Boolean value that indicates whether the user mapping is enabled.|
This object implements the IFPCUserMapping interface.
|Client||Requires Windows XP.|
|Server||Requires Windows Server 2003. Requires Windows Server 2003 or Windows 2000 for ISA Server 2004 Standard Edition.|
|Version||Requires Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004.|
Declared in Msfpccom.idl.