Re: Integrated Windows Authentication

From: Phil (phil.savage_at_citigroup.com)
Date: 05/28/03 

Date: Tue, 27 May 2003 20:56:22 -0700

Thanks for the reply Michael,

I have been testing with various different ACL's but
basically the ACL on the file is as follows:

Administrators:F
Everyone:R
SYSTEM:F

All our different domain "domian users" groups have been
grant the user right to "access this computer from the
network" too so I beleive that is not the issue

Phil

>-----Original Message-----
>the log tells all!!
>
>GET /auth/test.asp - 401 5
>
>the '-' means an unauth user.
>the '401' is, well, 401!!
>the '5' is the Win32 error - accessed denied.
>
>which means that unauth users are denied access
to /auth/test.asp
>
>what's the ACL on the file?
>
>--
>
>Cheers, Michael
>Writing Secure Code 2nd Edition
>(http://www.microsoft.com/MSPress/books/5957.asp)
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>"Phil Savage" <phil.savage@citigroup.com> wrote in message
>news:2e5701c3241d$cbc06120$a101280a@phx.gbl...
>> I have raised this issue before wihtin this Newsgroup
but
>> now the replies to my original posting are unreadable as
>> they are over a week old and MS has deleted them
(Greeat!).
>>
>> With this in mind could you post your reply both here
and
>> via email. Thanks
>>
>> I am running a IIS5.0 Website with Inregrated Windows
>> Authentication enabled.
>>
>> When I try to access an asp page within this area I get
a
>> HTTP:401.2 error.
>>
>> From the INETLOGs I get this error message:
>> 2003-05-27 06:20:58 169.191.98.90 - 169.191.98.64 80
>> GET /auth/test.asp - 401 5 Mozilla/4.0+
>> (compatible;+MSIE+6.0;+Windows+NT+5.0) (What does the 5
>> represent after the 401?)
>>
>> I have downloaded WFETCH and thrown different
>> authentication packages at the site and the only one
which
>> works is NTLM.
>>
>> But when I use IE is doesn't prompt me for a username
and
>> password and it assumes some other authentication stream
>> and thus returns 401.2
>>
>> Netscape provides a dialog box with authentication but
>> fails when you input details with the same error 401.2
>>
>> The ACL' on these files have been checked and double
>> checked, as well as auditing been turned on with no
event
>> log entries created.
>>
>> Where do I go from here. Do I work on Config for the
>> Client or do I work on server side.
>>
>> Regards
>>
>> Phil Savage
>>
>>
>>
>>
>
>
>.
>

Relevant Pages

  • Re: Integrated Windows Authentication
    ... - Logon failed due to server configuration. ... >>the '-' means an unauth user. ... >>what's the ACL on the file? ... >>> authentication packages at the site and the only one ...
    (microsoft.public.inetserver.iis.security)
  • Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability
    ... When an administrator creates an ACL on the Cisco Secure Access Control ... The protocol used by the PIX to download the ACL works as follows: ... PIX sends Radius Access-Request to CS ACS to authenticate the user (the ... configured to use the very same CS ACS server for login authentication ...
    (comp.dcom.sys.cisco)
  • RE: login and authorization
    ... >authorization would work for my scenario. ... >When I set anonymous authentication and acl authorization ... >But I am having trouble getting passed the login. ...
    (microsoft.public.windowsmedia.server)
  • Re: authentication and ACL with PIX
    ... server on the DMZ interface with an ACL like ... found the correct source IP. ... at that host and authenticate, should they be permitted access to ... Or is the combination of authentication and host ...
    (comp.dcom.sys.cisco)
  • Re: IIS 6 will not work with IP address
    ... identity did not have NTFS ACL rights to access the resource. ... the ACLs or the authentication protocols in IIS such that the two match up, ... Please make sure the resources have NTFS permissions for the remote ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.inetserver.iis.security)