In this article, I will explain how to configure a non-domain (workgroup) FF TMG server to authenticate domain users and clients against Active Directory over LDAP, so that traffic from domain members can be allowed.
Log on to the FF TMG server as an administrator. In the Forefront TMG Management console, in the tree, click Firewall Policy>click the Tasks tab, click Configure Authentication Server Settings>click the LDAP Servers tab.
Click Add to add an LDAP server set>type a name for the LDAP server set.
Click Add to add each LDAP server name, description, and time-out. The time-out is the length of time (in seconds) that Forefront TMG waits for a response from an LDAP server before trying the next LDAP server in the ordered list. Note that you can change the order in which the servers are accessed by using the UP ARROW and DOWN ARROW keys. You can leave the time-out at its default of 5 seconds.
In Domain, provide the fully qualified domain name (FQDN) of the Active Directory domain. Note that this is the domain in which the user accounts are defined, not the domain to which Forefront TMG is joined (the TMG server in this scenario is not joined to any domain). Select Use Global Catalog (GC) if you are using a global catalog.
Select Connect LDAP servers over secure connection if you want to encrypt the LDAP communication (use the LDAPS protocol); otherwise the LDAP traffic between TMG and the domain controllers, including the user credentials being verified, is sent in clear text. You can type the credentials used to connect to Active Directory for verifying user account status and changing account passwords. This provides you with password management functionality for HTML form authentication.
Click OK to close the Add LDAP Server Set dialog box.
In Login Expression, click New to add a login expression. A login expression assigns an LDAP server set to a specific group of users, based on a wildcard match on the login name. For example, you can assign one LDAP server set to the users MicrosoftGURU* and another LDAP server set to the users Mydomain*. Forefront TMG evaluates the login expressions in the order of the list and uses the first one that matches, so place the more specific expressions above any catch-all. You can change the order using the UP ARROW and DOWN ARROW keys.
Once you finish configuring authentication, verify your settings, then click Apply>click OK.
Finally, apply the changes to the firewall policy and click OK to close.
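To make the two ordering rules above concrete (first matching login expression wins; servers in a set are tried in order with a per-server time-out), here is an added Python model of that behaviour. It is not TMG's own code or API; the server set, domain and server names are constructed, and the probe function stands in for the real LDAP(S) request.

```python
import fnmatch
from dataclasses import dataclass
from typing import Callable, Optional

# Model of the TMG settings described above (assumed structure, not the TMG API).
@dataclass
class LdapServer:
    name: str
    timeout: int = 5          # seconds TMG waits before trying the next server

@dataclass
class LdapServerSet:
    name: str
    domain: str               # FQDN of the domain holding the accounts, not TMG's own
    servers: list             # ordered: the first server is tried first
    use_global_catalog: bool = False
    use_ldaps: bool = True    # "Connect LDAP servers over secure connection"

def resolve_server_set(login: str, expressions: list) -> Optional[LdapServerSet]:
    """First login expression (wildcard, in list order) that matches wins."""
    for pattern, server_set in expressions:
        if fnmatch.fnmatchcase(login.lower(), pattern.lower()):
            return server_set
    return None

def query_with_failover(server_set: LdapServerSet, probe: Callable[[str, int], str]) -> tuple:
    """Walk the ordered server list; a TimeoutError moves on to the next server.
    Returns (response or None, list of servers tried in order)."""
    tried = []
    for srv in server_set.servers:
        tried.append(srv.name)
        try:
            return probe(srv.name, srv.timeout), tried
        except TimeoutError:
            continue
    return None, tried

# Constructed sample configuration (hypothetical names).
CORP = LdapServerSet("Corp-DCs", "corp.example.com",
                     [LdapServer("dc1.corp.example.com"), LdapServer("dc2.corp.example.com", 10)],
                     use_global_catalog=True)
PARTNER = LdapServerSet("Partner-DCs", "partner.example.com",
                        [LdapServer("ldap.partner.example.com")])

# Order matters: the catch-all "*" is last so it does not shadow the specific expressions.
LOGIN_EXPRESSIONS = [("MicrosoftGURU*", CORP), ("Mydomain*", PARTNER), ("*", CORP)]

def fake_probe(name: str, timeout: int) -> str:
    """Constructed stand-in for an LDAP bind: the first DC is 'down' and times out."""
    if name == "dc1.corp.example.com":
        raise TimeoutError(f"no response from {name} within {timeout}s")
    return f"bound to {name}"
```

Moving `("*", CORP)` to the front of `LOGIN_EXPRESSIONS` sends every user, including Mydomain\* ones, to the Corp-DCs set, which is the misconfiguration the arrow-key ordering exists to avoid.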