Re: FSO to non domain server UNC?

From: "x y" <levinson_k@excite.com>
Date: Wed, 15 Jan 2003 13:41:51 -0500

I could be wrong, but I think it shouldn't matter what domain the resources
are in, as long as there is an IUSR or IWAM account in both domains [or
trusted by both domains]. For example, you can have a standalone IIS server
in a workgroup, and it can access files in the domain just using the login
ID and password, without specifying the domain.

There should definitely be auditing events. You of course have to enable
auditing on all domain controllers for that domain. If auditing is enabled
for logon failure on all domain controllers and you still see nothing in the
security event logs on the domain controllers, then I would either consider
temporarily enabling auditing of user logon successes [in addition to
auditing logon failures] and/or also install a sniffer onto the web server
to see what traffic is going to where and whether a reply is coming back.

http://securityadmin.info/faq.htm#sniffer

"Leythos" <void@nowhere.com> wrote in message
news:MPG.188f20d3dbfd5405989947@news-server.columbus.rr.com...
> In article <eMYMqiDvCHA.440@TK2MSFTNGP12>, levinson_k@excite.com says...
> > This should work fine. Have you tried enabling auditing on both machines to
> > see what account is being denied access to where?
>
> Yep, the NAS does not record any attempt to access it by the FSO. There
> is no log in anything that indicates the FSO even tried to get to the
> NAS. I've enabled all security auditing features - it appears as though
> the FSO uses some computer account, and since the computer/NAS are not
> part of the same network there is no auth. for it to access the NAS.
>
> Most articles cover same domain.
>
> > You didn't specify that you had already tried the items below, so I'm going
> > to be cautious and assume maybe you haven't.
> >
> > You do need to have an identical IWAM or IUSR account set up on the remote
> > machine, and it needs to have the exact same password as well. This means
> > you need to change the IIS MMC so that it does not manage the IUSR password,
> > and you can change or find out what the IUSR and IWAM passwords are set to
> > in the metabase using the ADSUTIL.VBS command. This command is documented
> > at www.microsoft.com/support, search for ADSUTIL. The password for that
> > account must be set to the same thing within Windows on both machines and
> > also in the IIS Metabase.
>
> Been here, done this 8 ways to Sunday - in fact two other admins have
> tried this before me.
>
> Since the two devices are not in the same AD/Domain, and the FSO can
> not be specified as using a user account, it's not possible from what I
> can see.
>
>
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.188e729acfccf00f989943@news-server.columbus.rr.com...
> > > I have two servers, one is a NAS device NAS1 running W2K, the other is a
> > > standard Windows 2000 Server WEB1. WEB1 is set up as a workgroup server,
> > > no Active Directory - NAS1 is also not AD and is in its own workgroup.
> > >
> > > I have a website running on WEB1 that used a FSO connection to the NAS1
> > > device "\\192.168.0.X\sharedfolder", but it never connects. I've read
> > > all the articles about passwords and ensuring the IWAM and the Anonymous
> > > user accounts have the same user/pwd on the NAS as they do on the WEB,
> > > but it just won't connect.
> > >
> > > I can map a drive to NAS1 using net use O: \\192.168.0.X\sharedfolder
> > > somepassword /USER:IWAM_WEB1USER.
> > >
> > > I can get the WEB1 FSO to connect to another domain server's shares, just
> > > not the Iomega NAS device.
> > >
> > > All this is using IIS/ASP (not .Net).....
> > >
> > > I've tried all the MS KB article fixes....
> > >
> > > Any help would be appreciated.
> > >
> > >
> > >
> > > --
> > > --
> > > Leythos999@columbus.rr.com
> > > (Remove 999 to reply to me)
> >
> >
> >
>
> --
> --
> Leythos999@columbus.rr.com
> (Remove 999 to reply to me)
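
The auditing check suggested in the reply above, as an added example that is not part of the original thread: it reads Security-log records exported from the file server and reports which account, if any, was denied a network logon from the web server. The pipe-separated export layout, the account names and the sample records are constructed assumptions; 529 and 540 are the Windows 2000 logon-failure and successful-network-logon event IDs.

```python
import re

# Constructed sample: Security-log records exported from the file server, one
# per line as "EventID|description" (a hypothetical export layout). 529 is a
# Windows 2000 logon failure, 540 a successful network logon.
SAMPLE_EVENTS = """\
529|Logon Failure: Reason: Unknown user name or bad password; User Name: IUSR_WEB1; Domain: WEB1; Logon Type: 3; Workstation Name: WEB1
540|Successful Network Logon: User Name: backupsvc; Domain: NAS1; Logon Type: 3; Workstation Name: ADMINPC
529|Logon Failure: Reason: Unknown user name or bad password; User Name: IUSR_WEB1; Domain: WEB1; Logon Type: 3; Workstation Name: WEB1
528|Successful Logon: User Name: Administrator; Domain: NAS1; Logon Type: 2; Workstation Name: NAS1
"""

FIELD = re.compile(r"(User Name|Domain|Logon Type|Workstation Name):\s*([^;]*)")

def parse(line):
    """Split one exported record into its event ID and named fields."""
    event_id, _, description = line.partition("|")
    record = {name: value.strip() for name, value in FIELD.findall(description)}
    record["id"] = int(event_id)
    return record

def triage(log_text, web_server):
    """Count network logons (type 3) from web_server, per account and outcome."""
    denied, allowed = {}, {}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec.get("Logon Type") != "3":
            continue  # interactive, service, etc. are not the FSO's UNC access
        if rec.get("Workstation Name", "").upper() != web_server.upper():
            continue
        bucket = {529: denied, 540: allowed}.get(rec["id"])
        if bucket is None:
            continue
        account = rec.get("Domain", "") + "\\" + rec.get("User Name", "")
        bucket[account] = bucket.get(account, 0) + 1
    if denied:
        verdict = "logon-failure"  # the audit log names the rejected account
    elif allowed:
        verdict = "logon-ok"
    else:
        # Nothing logged from this host: the reply's next steps apply (also
        # audit logon successes, and sniff traffic on the web server).
        verdict = "no-attempt-recorded"
    return {"verdict": verdict, "denied": denied, "allowed": allowed}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, "WEB1"))
```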


