Re: IIS 5 Authentication problem- solved
From: Paul Deneen (paul_at_carbide.com)
Date: 04/30/03
- Next message: Fivos Adamidis: "Re: IUSR account replication outside Active Directory"
- Previous message: Wes: "FTP Password Exposed"
- In reply to: Tom Kaminski [MVP]: "Re: IIS 5 Authentication problem- solved"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Apr 2003 11:46:31 -0700
That explains it.
Thanks so much.
-Paul
>-----Original Message-----
>Good find, but Basic and Integrated work differently.
Basic requires "Log
>on locally" while Integrated requires "Access from the
network". Your
>findings are consistent with what's required for either
scheme.
>
>--
>Tom Kaminski IIS MVP
>http://www.iistoolshed.com/ - tools, scripts, and
utilities for running IIS
>http://mvp.support.microsoft.com/
>http://www.microsoft.com/windowsserver2003/community/cente
rs/iis/
>
>"Paul Deneen" <paul@carbide.com> wrote in message
>news:042101c30f39$bb15dab0$3301280a@phx.gbl...
>Thanks to any who responded or gave thought to this
>problem.
>
>I found the self-inflicted cause of the problem.
>In Local Security Policies/User Rights Assignment I had
>added the administrators group to the right: "deny access
>to this computer from the network". I believed that this
>would grant only administrators the right to "deny
>access.." to other groups or users. Apparently it works
>opposite from that, and administrators were denied
>access. It is curious, though, that basic authentication
>still worked.
>
>Thanks again.
>
>
>
>
>>-----Original Message-----
>>If you enter a username/password three times, you should
>see an error
>>message and an error code, probably a 401.something. The
>following article
>>may help you figure out what's going on:
>>318380 IIS Status Codes
>>http://support.microsoft.com/?id=318380
>>
>>Most likely it will be a 401.3, Access denied due to ACL
>on resource,
>>indicating that either your NTFS permissions or logon
>rights are not
>>correct. Can you log in using an administrator account,
>or do all accounts
>>fail? What do the NTFS permissions look like on the files
>you're trying to
>>access?
>>
>>Lisa
>>
>>--------------------
>>> Content-Class: urn:content-classes:message
>>> From: "Paul Deneen" <paul@carbide.com>
>>> Sender: "Paul Deneen" <paul@carbide.com>
>>> References: <044101c30e5b$4cb9be80$a001280a@phx.gbl>
>><b8m1ji$mmt6@kcweb01.netnews.att.com>
>>> Subject: Re: IIS 5 Integrated Windows Authentication
>problem
>>> Date: Tue, 29 Apr 2003 11:28:40 -0700
>>> Lines: 59
>>> Message-ID: <012c01c30e7d$27f3dd20$a401280a@phx.gbl>
>>> MIME-Version: 1.0
>>> Content-Type: text/plain;
>>> charset="iso-8859-1"
>>> Content-Transfer-Encoding: 7bit
>>> X-Newsreader: Microsoft CDO for Windows 2000
>>> X-MimeOLE: Produced By Microsoft MimeOLE
V5.50.4910.0300
>>> Thread-Index: AcMOfSfzIruG4hzbR0aK37zJXWTKMw==
>>> Newsgroups: microsoft.public.inetserver.iis.security
>>> Path: cpmsftngxa06.phx.gbl
>>> Xref: cpmsftngxa06.phx.gbl
>microsoft.public.inetserver.iis.security:18091
>>> NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
>>> X-Tomcat-NG: microsoft.public.inetserver.iis.security
>>>
>>> Tom,
>>>
>>> Thanks for responding.
>>>
>>> If I recall, the standalone server installation
>required
>>> the name of a "workgroup" in place of a domain. In any
>>> case there is no group, it is just the one server,
>using
>>> local users and groups. The login credentials I am
>trying
>>> to login with are local user accounts, which work fine
>in
>>> interactive logon or using basic authentication.
>>>
>>> Attempting to logon with user name of
>SERVERNAME\account,
>>> and nothing entered for the domain, the server replies
>>> (without successfully authenticating) with the logon
>>> dialog box showing the SERVERNAME in the domain box,
>and
>>> the account name in the user name box.
>>>
>>> Thanks again for your help. Any additional thoughts
>>> appreciated.
>>>
>>>
>>>
>>> >-----Original Message-----
>>> >"Paul Deneen" <paul@carbide.com> wrote in message
>>> >news:044101c30e5b$4cb9be80$a001280a@phx.gbl...
>>> >> We're running a Win2K co-located stand-alone web
>server
>>> >> (no Active Directory).
>>> >>
>>> >> Basic authentication works, Integrated Windows
>>> >> Authentication doesn't even when credentials are
>entered
>>> >> in dialog box. Neither using default domain
(leaving
>>> >> the "domain" field empty) nor using the workgroup
>name
>>> >> makes any difference - the authentication fails.
>>> >>
>>> >> Is Integrated Windows Authentication only available
>in
>>> the
>>> >> context of an Active Directory domain?
>>> >
>>> >What do you mean by "workgroup"? Accounts would need
>to
>>> be either local to
>>> >the server or domain accounts. Since you indicate
>that
>>> you're not in a
>>> >domain, what happens when you use a local account
>>> (SERVERNAME\account)?
>>> >
>>> >--
>>> >Tom Kaminski IIS MVP
>>> >http://www.iistoolshed.com/ - tools, scripts, and
>>> utilities for running IIS
>>> >http://mvp.support.microsoft.com/
>>>
>>http://www.microsoft.com/windowsserver2003/community/cent
e
>>> rs/iis/
>>> >
>>>
>>>
>>> >
>>> >
>>> >.
>>> >
>>>
>>
>>-----
>>Please do not send email directly to this alias. This is
>an online
>>account name for newsgroup participation only.
>>
>>This posting is provided "AS IS" with no warranties, and
>confers
>>no rights. You assume all risk for your use.
>>
>>© 2003 Microsoft Corporation. All rights reserved.
>>
>>.
>>
>
>
>.
>
- Next message: Fivos Adamidis: "Re: IUSR account replication outside Active Directory"
- Previous message: Wes: "FTP Password Exposed"
- In reply to: Tom Kaminski [MVP]: "Re: IIS 5 Authentication problem- solved"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
