Re: IIS 6 - UNC - 401.1 - Access is denied due to invalid credentials

From: Augustus (anonymous_at_discussions.microsoft.com)
Date: 11/27/03


Date: Thu, 27 Nov 2003 04:16:51 -0800

Got this working now, starting from scratch (don't know
where it was wrong though).

Augustus
>-----Original Message-----
>Dear David,
>
> Thank you for trying to help me out, but I'm puzzled
>with your answer. Is my current situation correct (can't
>login with Integrated Windows Authentication through IIS6
>to a protected directory on the NAS Applience), or could
>you give me a hint on what I'm missing (please note that
>delegation is activated).
> i have no idea how to go further from here.
>
>Thanks again
>Augustus
>
>
>>-----Original Message-----
>>Hmm... well, your question is already answered in that
>URL, and no, nothing
>>is wrong with your observed behavior.
>>
>>You are assuming that all authentication can be
>delegated, which is
>>incorrect. Basic Authentication is the ultimate in
>unsafe delegation
>>because it just passes the username and password to the
>server and blindly
>>trusts that the server will do the right thing with it.
>>
>>--
>>//David
>>IIS
>>This posting is provided "AS IS" with no warranties, and
>confers no rights.
>>//
>>"augustus" <anonymous@discussions.microsoft.com> wrote
in
>message
>>news:444201c3b1c0$ae3916c0$a601280a@phx.gbl...
>>1. I have "Integrated Windows authentication" checked for
>>both (local & nas) directories.
>>2. I cannot even view the page as administrator of the
>>domain (same error), so something is really wrong here.
>>3. Yes, I know the RemStorg.asp page you mention out of
my
>>head (even looked at the Web Cast on this argument)
>>
>>Augustus
>>
>>
>>>-----Original Message-----
>>>What authentication type did you enable on the UNC vdir?
>>>
>>>401.1 implies that IIS failed to obtain the user token
>>via LogonUser --
>>>usually due to incorrect username/password. If it's
>>anonymous -- check that
>>>the anonymous account is synchronized between the
>>metabase and SAM/AD.
>>>
>>>Have you looked at:
>>>http://www.microsoft.com/technet/treeview/default.asp?
>>url=/technet/prodtechnol/windowsserver2003/deploy/confeat
/
>R
>>emStorg.asp
>>>
>>>--
>>>//David
>>>IIS
>>>This posting is provided "AS IS" with no warranties, and
>>confers no rights.
>>>//
>>><anonymous@discussions.microsoft.com> wrote in message
>>>news:07b101c3b10c$22a24690$a401280a@phx.gbl...
>>>Forgot to tell, UNC mapping is used to access the share:
>>>\\nas01\share\web\root\clientname\html indicating no
>>>username nor password, leaving "Always use the
>>>authenticated user's credentials when validating access
>to
>>>the network directory." checked.
>>>The not password protected area is working well, just
the
>>>password protected directory is not working
>>>(file permissions are the same as the local website)
>>>Any ideas?
>>>
>>>thanks in advance,
>>>Augustus
>>>>-----Original Message-----
>>>>I've setup a Windows 2003 Standard Server as PDC with
>IIS
>>>>and a NAS (Dell PV 725) with Windows Powered 2000
>Server.
>>>>A simple website (IUSR read-only, client R/W) with a
>>>>password protected directory for the website statistics
>>>>(no IUSR, client read-only).
>>>>This situation hosted locally on the W2K3 IIS Server
>>>works
>>>>fine, but results in a problem when is situated on the
>>>>NAS; the client cannot view the protected directory
>>>>through http, username & password are not accepted
>>>>resulting in a "HTTP Error 401.1 - Unauthorized: Access
>>>is
>>>>denied due to invalid credentials. Internet Information
>>>>Services (IIS)" error.
>>>>FTP access for this user is working fine (R/W to his
>>>>website, read-only for the password protected
>directory).
>>>>What can be wrong here?
>>>>.
>>>>
>>>
>>>
>>>.
>>>
>>
>>
>>.
>>
>.
>