Re: IIS 5.0 Integrated Authentication always looks locally than to the domain it has joined

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/31/04


Date: Wed, 31 Mar 2004 11:48:51 +1000


"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:c4bs56$4s015@kcweb01.netnews.att.com...
: "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
: news:uB1SIxhFEHA.2160@TK2MSFTNGP12.phx.gbl...
: > "Tom Kaminski [MVP]" wrote
: > > "Ken Schaefer" wrote
: > > > "Tom Kaminski [MVP]" wrote
: > > > : "Nachi" wrote
: > > > : I've a Win2K machine joined to a domain. Setup the IIS to Integrated
: > > > : and the rest of authentication option are not set. Whenever I browse to
: > > > : any HTML page, authentication happens locally and not against the
: > > > : domain joined.
: >
: > > > : Upon enabling basic authentication alone (with the domain pointing to
: > > > : the joined domain), it works by authenticating against the said domain.
: > > > : But strangely with 'integrated authentication' alone, it always goes to
: > > > : local machine rather than joined domain. Is there a way to force
: > > > : authentication against domain explicitly?
: > > > :
: > > > : Specifically how are you testing this? IIS should use the domain.
: > > >
: > > >
: > > > Not in my experience...
: > > >
: > > > IIS interprets Username as <LocalIISServer>\Username rather than
: > > > <Domain>\Username
: > >
: > > I wonder why? It's always worked correctly in my environment - which is the
: > > whole point of Windows Integrated authentication (to use the domain).
: > >
: >
: > I am waiting with bated breath, as my experience has always
: > been the same as Ken, local accounts only unless specified
: > otherwise. If you really have seen it otherwise Tom, then can
: > we compare what you have tweaked to get this behavior?
:
: I haven't had to tweak anything. Read what Paul posted and think about it -
: how can IIS use the account you logged on to your workstation with if IIS is
: expecting its own local accounts? The server's local accounts only exist in
: the context of the server - you can't logon to your own machine with them.

You can logon to a machine with *any* account the machine accepts, and then
logon to a network resource with *any* credentials that the network resource
will accept. They can be different.

Tom, you'll just have to accept that IIS, in the absence of a Domain name,
will use the local user accounts database. It does not *default* to the
Domain.

: A domain account, on the other hand, can be used on all machines in the
: domain, both servers and workstation - hence the point of Windows Integrated
: authentication - you're already logged on to your machine with a domain
: account so IE/IIS will use that (in the background) and not prompt you
: again.

Cheers
Ken


