Re: IIS 5 Integrated Windows Authentication problem

From: Paul Deneen (paul_at_carbide.com)
Date: 04/30/03


Date: Tue, 29 Apr 2003 16:16:56 -0700


Thank you Lisa, that's a handy reference.

The error is 401.1 - logon failed.

NTFS permissions currently set to administrators - full
control, but same issue with authenticated users.
Remember that basic authentication works with same
accounts and folders, as does interactive logon.

Is there something in local security policies that is
enabled or maybe a service (NT LM Security Support
Provider is running) that might be stopped that should be
running?

Thanks for the help.

>-----Original Message-----
>If you enter a username/password three times, you should see an error
>message and an error code, probably a 401.something. The following article
>may help you figure out what's going on:
>318380 IIS Status Codes
>http://support.microsoft.com/?id=318380
>
>Most likely it will be a 401.3, Access denied due to ACL on resource,
>indicating that either your NTFS permissions or logon rights are not
>correct. Can you log in using an administrator account, or do all accounts
>fail? What do the NTFS permissions look like on the files you're trying to
>access?
>
>Lisa
>
>--------------------
>> From: "Paul Deneen" <paul@carbide.com>
>> Subject: Re: IIS 5 Integrated Windows Authentication problem
>> Date: Tue, 29 Apr 2003 11:28:40 -0700
>> Newsgroups: microsoft.public.inetserver.iis.security
>>
>> Tom,
>>
>> Thanks for responding.
>>
>> If I recall, the standalone server installation required
>> the name of a "workgroup" in place of a domain. In any
>> case there is no group, it is just the one server, using
>> local users and groups. The login credentials I am trying
>> to login with are local user accounts, which work fine in
>> interactive logon or using basic authentication.
>>
>> Attempting to logon with user name of SERVERNAME\account,
>> and nothing entered for the domain, the server replies
>> (without successfully authenticating) with the logon
>> dialog box showing the SERVERNAME in the domain box, and
>> the account name in the user name box.
>>
>> Thanks again for your help. Any additional thoughts
>> appreciated.
>>
>>
>>
>> >-----Original Message-----
>> >"Paul Deneen" <paul@carbide.com> wrote in message
>> >news:044101c30e5b$4cb9be80$a001280a@phx.gbl...
>> >> We're running a Win2K co-located stand-alone web server
>> >> (no Active Directory).
>> >>
>> >> Basic authentication works, Integrated Windows
>> >> Authentication doesn't even when credentials are entered
>> >> in dialog box. Neither using default domain (leaving
>> >> the "domain" field empty) nor using the workgroup name
>> >> makes any difference - the authentication fails.
>> >>
>> >> Is Integrated Windows Authentication only available in the
>> >> context of an Active Directory domain?
>> >
>> >What do you mean by "workgroup"? Accounts would need to be either local to
>> >the server or domain accounts. Since you indicate that you're not in a
>> >domain, what happens when you use a local account (SERVERNAME\account)?
>> >
>> >--
>> >Tom Kaminski IIS MVP
>> >http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
>> >http://mvp.support.microsoft.com/
>> >http://www.microsoft.com/windowsserver2003/community/centers/iis/
>
>-----
>Please do not send email directly to this alias. This is an online
>account name for newsgroup participation only.
>
>This posting is provided "AS IS" with no warranties, and confers
>no rights. You assume all risk for your use.
>
>© 2003 Microsoft Corporation. All rights reserved.
>
>.
>


