Integrated Windows Authentication not working on a domain network

From: John Lau (johnlau_at_olc.ubc.ca)
Date: 04/29/03 

Date: Tue, 29 Apr 2003 09:50:23 -0700

Hello,

When I enable NT challenge/response on my NT4 web server in a domain
network, the user authentication information is not showing up in the
ServerVariables Account, AUTH_USER, LOGON_USER and REMOTE_USER.

When I enable Integrated Windows Authentication on my W2K Professional
development web server that is not part of a domain, I can see my NTID in
the above ServerVariables. When I enable NT challenge/response on my
production server, the NTID will show up for some users but not for others.
For example, a user who is a local admin on the web server has not problems
authenticating. A user who is not a local admin will get an Internet
Explorer pop-up logon window asking them to logon to the network.

I now think this has to do with trust issues in a domain network. I read
some documentation that suggest this may be the problem, but it did not
clearly explain how I can troubleshoot domain trust issues. I am looking
for clear documentation on how to determine whether this is my problem, and
how-to setup trust if it is. Originally I thought the problem was the COE
software. I thought COE was a VPN type software, but now I think it is
network management software. I no longer think COE is the problem.
However, these are just my guesses. I would really appreciate it if anyone
has a better idea as how to solve my problem.

Thanks, John

Relevant Pages

  • RE: website inside or outside the domain?
    ... it is better not to have domain authentication traffic ... publicly accessible web server in a DMZ, with a DC also in the DMZ ... > webserver is ... network) its not the best model to use. ...
    (Focus-Microsoft)
  • Re: Security risks when running IIS without static ip as localhost
    ... > access this web server, it is purely for developing asp pages which will ... > network to a security risk. ... For example, one vector of compromise is someone receives, say, a worm email ...
    (microsoft.public.inetserver.iis.security)
  • Re: How vulnerable server will become if placed on DMZ ?
    ... >> I have a type of Web Server. ... > protect your internal network from a compromised web server. ... A DMZ can ... > network as compared to what you probably have now, a single firewall. ...
    (microsoft.public.win2000.security)
  • Re: oops again
    ... > When you want expose the web server on the local network to the internet, ... > to the internal IP of your web server. ... > You configure the Firewall on the Router to just block every single port. ... > network but does not prevent your PCs from contacting the Internet. ...
    (microsoft.public.inetserver.iis)
  • Re: NAT Settings for exposing an internal web server to the outside world?
    ... However the client machines that are trying to access the web server are behind the same router. ... Network A: 192.168.6.0/24 Call this the backbone network. ... 192.168.12.0/24 network containing the client machines that are trying to access the web server. ...
    (microsoft.public.windows.server.networking)