Re: IIS 6 - UNC - 401.1 - Access is denied due to invalid credentials

From: Augustus (anonymous_at_discussions.microsoft.com)
Date: 11/27/03


Date: Thu, 27 Nov 2003 04:16:51 -0800

Got this working now, starting from scratch (don't know
where it was wrong though).

Augustus
>-----Original Message-----
>Dear David,
>
> Thank you for trying to help me out, but I'm puzzled
>with your answer. Is my current situation correct (can't
>login with Integrated Windows Authentication through IIS6
>to a protected directory on the NAS Applience), or could
>you give me a hint on what I'm missing (please note that
>delegation is activated).
> i have no idea how to go further from here.
>
>Thanks again
>Augustus
>
>
>>-----Original Message-----
>>Hmm... well, your question is already answered in that
>URL, and no, nothing
>>is wrong with your observed behavior.
>>
>>You are assuming that all authentication can be
>delegated, which is
>>incorrect. Basic Authentication is the ultimate in
>unsafe delegation
>>because it just passes the username and password to the
>server and blindly
>>trusts that the server will do the right thing with it.
>>
>>--
>>//David
>>IIS
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>//
>>"augustus" <anonymous@discussions.microsoft.com> wrote
in
>message
>>news:444201c3b1c0$ae3916c0$a601280a@phx.gbl...
>>1. I have "Integrated Windows authentication" checked for
>>both (local & nas) directories.
>>2. I cannot even view the page as administrator of the
>>domain (same error), so something is really wrong here.
>>3. Yes, I know the RemStorg.asp page you mention out of
my
>>head (even looked at the Web Cast on this argument)
>>
>>Augustus
>>
>>
>>>-----Original Message-----
>>>What authentication type did you enable on the UNC vdir?
>>>
>>>401.1 implies that IIS failed to obtain the user token
>>via LogonUser --
>>>usually due to incorrect username/password. If it's
>>anonymous -- check that
>>>the anonymous account is synchronized between the
>>metabase and SAM/AD.
>>>
>>>Have you looked at:
>>>http://www.microsoft.com/technet/treeview/default.asp?
>>url=/technet/prodtechnol/windowsserver2003/deploy/confeat
/
>R
>>emStorg.asp
>>>
>>>--
>>>//David
>>>IIS
>>>This posting is provided "AS IS" with no warranties, and
>>confers no rights.
>>>//
>>><anonymous@discussions.microsoft.com> wrote in message
>>>news:07b101c3b10c$22a24690$a401280a@phx.gbl...
>>>Forgot to tell, UNC mapping is used to access the share:
>>>\\nas01\share\web\root\clientname\html indicating no
>>>username nor password, leaving "Always use the
>>>authenticated user's credentials when validating access
>to
>>>the network directory." checked.
>>>The not password protected area is working well, just
the
>>>password protected directory is not working
>>>(file permissions are the same as the local website)
>>>Any ideas?
>>>
>>>thanks in advance,
>>>Augustus
>>>>-----Original Message-----
>>>>I've setup a Windows 2003 Standard Server as PDC with
>IIS
>>>>and a NAS (Dell PV 725) with Windows Powered 2000
>Server.
>>>>A simple website (IUSR read-only, client R/W) with a
>>>>password protected directory for the website statistics
>>>>(no IUSR, client read-only).
>>>>This situation hosted locally on the W2K3 IIS Server
>>>works
>>>>fine, but results in a problem when is situated on the
>>>>NAS; the client cannot view the protected directory
>>>>through http, username & password are not accepted
>>>>resulting in a "HTTP Error 401.1 - Unauthorized: Access
>>>is
>>>>denied due to invalid credentials. Internet Information
>>>>Services (IIS)" error.
>>>>FTP access for this user is working fine (R/W to his
>>>>website, read-only for the password protected
>directory).
>>>>What can be wrong here?
>>>>.
>>>>
>>>
>>>
>>>.
>>>
>>
>>
>>.
>>
>.
>



Relevant Pages

  • Re: Server 2003 as a DC - Active Directory dies???
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... only reply to Newsgroups ... Anything that requires Windows authentication (Shares, Outlook, ...
    (microsoft.public.windows.server.general)
  • Re: VPN Authentication issue
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... >>> suggestions on what may be stoping the connection from authentication ...
    (microsoft.public.isa.vpn)
  • Re: Kerberos/NTLM Authentication Problem
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... > of non-uniform authentication is usually some form of custom ... > "Nigel Rowe" wrote in message ...
    (microsoft.public.inetserver.iis.security)
  • Re: Im so tired of moving computers to OUs
    ... SDE, Active Directory Core ... This posting is provided "AS IS" with no warranties, and confers no rights. ... See AD delegation whitepaper, ...
    (microsoft.public.windows.server.general)
  • Re: Im so tired of moving computers to OUs
    ... SDE, Active Directory Core ... This posting is provided "AS IS" with no warranties, and confers no rights. ... See AD delegation whitepaper, ...
    (microsoft.public.windows.server.active_directory)