Re: Integrated Authentication from XP

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 01/30/03 

From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Thu, 30 Jan 2003 12:12:30 -0500

I know you say that other versions of windows can access the server, but
Windows integration supposedly does not work through firewalls, and
definitely not through proxy servers. I'm a little fuzzy on the details,
but www.isaserver.org or support.microsoft.com should have additional info
on this. Possibly this is the problem?

"Nick Field" <Nick.Field@Comino.com> wrote in message
news:08437CCD4CBED511A8F10050043880670128A434@COMINO-MAIL1...
> Ok folks... for those interested I have narrowed this down further.
>
> If I browse directly to the web page from XP machine, everything works.
> However - I use ISA Server to re-direct to this web site under certain
> circumstances. It is only on these occasions that the authentication is
> not passed through.
> Again, this is only in XP, it all works fine in other OS'.
>
> Cheers
>
> Nick
>
>
> -----Original Message-----
> From: Nick Field
> Posted At: 30 January 2003 15:08
> Posted To: security
> Conversation: Integrated Authentication from XP
> Subject:
>
> Hi Karl,
> Thanks for a speedy response..
> The site is internal, therefore is part of the intranet zone. I did
> however try adding it to the zone manually and ensuring that it was
> excluded from the proxy.
> (both machines are in the same subnet)
>
> With everything manually added, I still get prompted for username and
> password - The only difference is, now if I cancel the authentication
> window then hit refresh the page loads ok.
> This makes it look like a bug to me - Does not authenticate on first
> request, but does on second....??
>
> I would appreciate any further insights...
>
> Thanks
>
> Nick
>
>
> -----Original Message-----
> From: Karl Levinson [x y] mvp [mailto:jamescagney90210@excite.com]
> Posted At: 30 January 2003 14:23
> Posted To: security
> Conversation: Integrated Authentication from XP
> Subject: Re: Integrated Authentication from XP
>
> Someone else posted the same problem here in the past 2 weeks or so. My
> guess is that perhaps the web site needs to be added to the Local
> Intranet
> zone in internet explorer tools, Internet options, security and/or check
> the
> settings in that zone.
>
> Windows integrated authentication is not really meant for accessing
> sites
> across the internet, so I'm thinking perhaps XP or a newer version of IE
> improved security by preventing windows integrated authentication from
> occurring if the site is not in the local intranet zone. Depending on
> the
> settings, if the URL name was an FQDN name such as
> http://servername.domain.com and/or the IP address is on a different
> subnet,
> IE might not know that it is a local intranet site until you tell it so.
>
> If this turns out to be the case, please let us know.
>
>
> "Nick" <nick.field@comino.com> wrote in message
> news:08f001c2c85f$aac8f460$d3f82ecf@TK2MSFTNGXA10...
> > I have an IIS 5.0 server serving users on a single domain.
> > I have 'Integrated Windows Authentication' enabled.
> >
> > All Windows 98, NT 4 and 2000 users connect, authenticate
> > and gain access to the web site perfectly well. Whenever
> > any of my Windows XP users try they get prompted to enter
> > a username and password. This is happening with ALL my XP
> > users. All XP machines are SP1.
> >
> > Has anyone experienced this?
> >
> > Cheers
> > Nick
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003
>
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003

Relevant Pages

  • Re: Authentication window in SPS despite the user is registered
    ... Is the virtual server configured to use Windows Integrated Authentication? ... > user is registered in SPS 2003 and belong to AD, ...
    (microsoft.public.sharepoint.portalserver)
  • Re: NTLM over the Internet
    ... It's also not recommended because 1) windows integrated authentication is ... and 2) it only works for IE and only on Windows. ... The reason given is that ntlm ... I've setup a test server using ntlm over ...
    (microsoft.public.inetserver.iis.security)
  • Re: NTLM over the Internet
    ... Marshall ... It's also not recommended because 1) windows integrated authentication is ... and 2) it only works for IE and only on Windows. ... I've setup a test server using ntlm over ...
    (microsoft.public.inetserver.iis.security)
  • Sharepoint 2003 Server in an Windows NT domain?!!? possible?
    ... Can someone tell me if it is possible to integrate a Sahrepoint 2003 Server ... Any problems with this integration? ... Any limitation in Sharepoint 2003 Server when it's integrated in a Windows ...
    (microsoft.public.sharepoint.portalserver.development)
  • Sharepoint 2003 Server in an Windows NT domain?!!? possible?
    ... Can someone tell me if it is possible to integrate a Sahrepoint 2003 Server ... Any problems with this integration? ... Any limitation in Sharepoint 2003 Server when it's integrated in a Windows ...
    (microsoft.public.sharepoint.portalserver)