FPCUserMapping Object

The FPCUserMapping object represents the user mapping that is used to map VPN clients connecting with a Forefront TMG computer using a non-Windows authentication method (RADIUS authentication) to mirrored Active Directory accounts in the Windows namespace. The Domain property of the FPCUserMapping object specifies a domain name that Forefront TMG can combine with a user name in the user mapping process when the user name supplied does not contain a domain name. As a result, access rules that specify user sets containing Windows users and groups are also applied to non-Windows authenticated users that do not use Windows.

When RADIUS authentication with the Challenge Handshake Authentication Protocol (CHAP), the Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP), the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), or any type of the Extensible Authentication Protocol (EAP) is used, the domain specified in the user mapping is used to match the VPN client to a mirrored Active Directory account if the user mapping is enabled. When the Password Authentication Protocol (PAP) or the Shiva Password Authentication Protocol (SPAP) is used, the domain name is always ignored, the VPN client can be matched to an Active Directory account in the local domain if the Forefront TMG computer belongs to a domain or to a local user account on the Forefront TMG computer if the Forefront TMG computer belongs to a workgroup.

The user mapping can be used only when the Forefront TMG computer belongs to a domain. It should not be enabled in a workgroup environment if CHAP, MS-CHAP, MS-CHAP v2, or EAP is enabled.

The FPCUserMapping object can be accessed through the RADIUSUserMapping property of the FPCVpnConfiguration object.

Click here to see the Forefront TMG object hierarchy.

Methods

The FPCUserMapping object defines the following methods.

Method Description

Refresh

Reads the values of all of the object's properties from persistent storage, discarding any changes that have not been saved.

Save

Writes the current values of all of the object's properties to persistent storage.

Properties

The FPCUserMapping object defines the following properties.

Property Description

Domain

Gets or sets the domain name that Forefront TMG can combine with a user name in the user mapping process when the user name supplied does not contain a domain name.

Enabled

Gets or sets a Boolean value that indicates whether the user mapping is enabled.

Interfaces for C++ Programming

This object implements the IFPCUserMapping interface.

Requirements

Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).
IDL

Declared in Msfpccom.idl.

See Also

COM Objects


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.