The FPCUserMapping object represents the user mapping that is used to map VPN clients connecting with a Forefront TMG computer using a non-Windows authentication method (RADIUS authentication) to mirrored Active Directory accounts in the Windows namespace. The Domain property of the FPCUserMapping object specifies a domain name that Forefront TMG can combine with a user name in the user mapping process when the user name supplied does not contain a domain name. As a result, access rules that specify user sets containing Windows users and groups are also applied to non-Windows authenticated users that do not use Windows.
When RADIUS authentication with the Challenge Handshake Authentication Protocol (CHAP), the Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP), the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), or any type of the Extensible Authentication Protocol (EAP) is used, the domain specified in the user mapping is used to match the VPN client to a mirrored Active Directory account if the user mapping is enabled. When the Password Authentication Protocol (PAP) or the Shiva Password Authentication Protocol (SPAP) is used, the domain name is always ignored, the VPN client can be matched to an Active Directory account in the local domain if the Forefront TMG computer belongs to a domain or to a local user account on the Forefront TMG computer if the Forefront TMG computer belongs to a workgroup.
The user mapping can be used only when the Forefront TMG computer belongs to a domain. It should not be enabled in a workgroup environment if CHAP, MS-CHAP, MS-CHAP v2, or EAP is enabled.
Click here to see the Forefront TMG object hierarchy.
The FPCUserMapping object defines the following methods.
Reads the values of all of the object's properties from persistent storage, discarding any changes that have not been saved.
Writes the current values of all of the object's properties to persistent storage.
The FPCUserMapping object defines the following properties.
Gets or sets the domain name that Forefront TMG can combine with a user name in the user mapping process when the user name supplied does not contain a domain name.
Gets or sets a Boolean value that indicates whether the user mapping is enabled.
This object implements the IFPCUserMapping interface.
|Client||Requires Windows Vista or Windows XP.|
|Server||Requires Windows Server 2008.|
|Version||Requires Forefront Threat Management Gateway (TMG).|
Declared in Msfpccom.idl.
Build date: 11/30/2009
© 2008 Microsoft Corporation. All rights reserved.