Re: How To:Windows Integrated Security and workgroups

From: John Blair (john_blair_at_hotmail.com)
Date: 03/04/05

Next message: Alessandro Zucchi: "problem with slidingExpiration"
Previous message: Pascal.Landry: "problem with SetAuthCookie"
In reply to: Joe Kaplan $MVP - ADSI$: "Re: How To:Windows Integrated Security and workgroups"
Next in thread: Joe Kaplan $MVP - ADSI$: "Re: How To:Windows Integrated Security and workgroups"
Reply: Joe Kaplan $MVP - ADSI$: "Re: How To:Windows Integrated Security and workgroups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 04 Mar 2005 16:36:48 GMT

Thanks again! But still having no joy.

I entered the server name (winxp1) and the login prompt just got represented
furhter 2 times and then logon failure msg!

I tried your second suggestion basic authentication - i entered a default
domain name and that appeared in the domain box on my remote pc login
prompt - but still login failure!

on IIS my anonymous account is say Johnny Blair - the anonymous user is
listed as WINXP1\Johnny Blair - now in attempting to logon remoted i use
Johnny Blair - but also tried WINXP1\Johnny Blair . The error message
suggesting altering the local security policy and adding the name name
Johnny Blair to logon locally - but that user is an admistrator and
administrators are already presented - so i added it anyway but it didnt
help - ive gone back to anonymous login! Any ideas appreciated. Thanks.

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:%235mKOBNIFHA.3076@tk2msftngp13.phx.gbl...
> Ah, for that you need to put in the machine name of the web server
> (assuming the accounts are local on the web server).
>
> If you use Basic authentication (and SSL), you can set up a default domain
> in the IIS settings that will take care of this for you.
>
> Joe K.
>
> "John Blair" <john_blair@hotmail.com> wrote in message
> news:Rb%Vd.1499$IQ5.1276@newsfe1-gui.ntli.net...
>> Thanks for the reply.
>>
>> Yes my users have a local PC account and i have created one for them on
>> the web server - the trouble is when prompted for login on the webserver
>> they are asked for the domain - BUT i dont have a domain - only a
>> workgroup - so i dont know why i get prompted for a domain as i have no
>> way of satisfying that part of the user credentials! Thanks anyway.
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote in message news:O$d%23zqMIFHA.904@tk2msftngp13.phx.gbl...
>>> They will either need a local account on your web server or an account
>>> in a domain that your web server trusts. Your web server will not trust
>>> their local machine accounts, so you won't be able to use them.
>>>
>>> If you don't have a domain available and accounts for your users in the
>>> domain, I'm not sure using integrated authentication will work out so
>>> great. Essentially the users will have a local account they log in to
>>> their workstation with and a domain account or account on the web server
>>> that may have a different name and password. That becomes a lot of
>>> extra stuff to look after, especially if you have a lot of users.
>>>
>>> Joe K.
>>>
>>> "John Blair" <john_blair@hotmail.com> wrote in message
>>> news:RHYVd.585$A01.390@newsfe5-gui.ntli.net...
>>>> Hi,
>>>>
>>>> I have setup my website to use windows integrated security in IIS (and
>>>> disabled anonymous access) also added <identity impersonate="true"/> in
>>>> the web.config file. Now whenever a PC on my intranet tries to visit
>>>> the website the network logon prompt for my server appears (as
>>>> expected). The problem is that the user is prompted to enter a domain -
>>>> but my lan PCs are all part of a workgroup NOT a domain - how can i get
>>>> the login to ask for workgroup instead of domain - or not ask for a
>>>> domain at all? Thanks a lot!
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Next message: Alessandro Zucchi: "problem with slidingExpiration"
Previous message: Pascal.Landry: "problem with SetAuthCookie"
In reply to: Joe Kaplan $MVP - ADSI$: "Re: How To:Windows Integrated Security and workgroups"
Next in thread: Joe Kaplan $MVP - ADSI$: "Re: How To:Windows Integrated Security and workgroups"
Reply: Joe Kaplan $MVP - ADSI$: "Re: How To:Windows Integrated Security and workgroups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Unknown Domain user - domain authentication appears limited
... (using cached login). ... Microsoft MVP (Windows Server System: Security) ... > due to the following error: Logon failure: the user has not been granted ...
(microsoft.public.windows.server.security)
Re: Domain Administrator cannot logon to SBS 2003 LOCALLY
... login are involved. ... I have concern when you mentioned Veritas Backup. ... It is a SBS Server ... > 'The user has not been granted the requested logon type at this machine'! ...
(microsoft.public.security)
Re: IISRESET needed for clients to reestablish TS-connection
... In the meantime i have also fixed the Network Policy Event error. ... I hope this might have been the login failures on our TS through TS Gateway. ... This event is generated when a logon session is destroyed. ... Our clients are able to reconnect to the Terminal Server after this ...
(microsoft.public.windows.terminal_services)
Re: Cannot login to DC
... I don't know how the server got to this state (nor does anyone at this ... >>> on the normal login (it shouldn't really be better than any ... Or more specifically failing to logon ... > administrator account. ...
(microsoft.public.win2000.active_directory)
gdm hangs
... gdm will hang 9 of 10 times when logging out. ... with or without the client having been connected to the Server. ... # Timed login, useful for kiosks. ... Must output the chosen host on stdout, ...
(Debian-User)