Re: SPS wont use kerberos
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 05/30/04
- Next message: Ryan Riddell: "Re: IIS Seperate Partition?"
- Previous message: Joe: "Pop Ups"
- In reply to: Al Blake: "Re: SPS wont use kerberos"
- Next in thread: Al Blake: "Re: SPS wont use kerberos"
- Reply: Al Blake: "Re: SPS wont use kerberos"
- Reply: Al Blake: "Re: SPS wont use kerberos"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 May 2004 10:30:54 +1000
Is the server actually sending back:
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
in the HTTP response headers. You can use WFetch to test this:
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en
Is the client then attempting to use Kerberos to authenticate. You will need
to use something like Ethereal to test this: www.ethereal.com
Cheers
Ken
"Al Blake" <al@blakes.net> wrote in message
news:%23gLHDHdREHA.1160@TK2MSFTNGP09.phx.gbl...
: Sure.
: But what would you like to know ?
: Al.
:
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
: news:uwgvzEYREHA.1644@TK2MSFTNGP09.phx.gbl...
: > Hi,
: >
: > As mentioned in your other thread, let's please look at what is actually
: > happening between server and client before speculating about causes.
: >
: > Cheers
: > Ken
: >
: >
: > "Al Blake" <al@blakes.net> wrote in message
: > news:%23w3uNdWREHA.2112@TK2MSFTNGP11.phx.gbl...
: > : We have a windows2003 member server in a native AD domain that runs
: > SPS2003
: > : as well as a number of non-SPS IIS6 web sites.
: > : We have managed to configure all the web sites *except* SPS2003 to use
: > : kerberos as their preferred authentication - so we know kerberos is
: > working
: > : on the box.
: > :
: > : We have followed KB832769 to enable kerberos on the SPS web but still
: > : whenever a client browser connects (XP + IE6SP1) the authentication
: method
: > : selected is NTLM. Why?
: > :
: > : We have:
: > : a) Set NTAuthenticationProviders to "Negoatiate,NTLM" in the metabase
: for
: > : the SPS site
: > : b) Set the computer account as trusted for delegation in AD
: > : c) Set the user account used by the app pool as trusted in AD
: > : d) Used setspn to add HTTP/DOMAIN\USER SERVER as an additional spn
: > :
: > : but still NTLM is used as the authentication mechanism.
: > :
: > : As a side issue, when tryng to access the box from another windows2003
: > : server (such as our TS server) which is running IE 6.0.3790.0 we get
: > : repeatedly prompted to login if authentication mechanism is
: > : "Negotiate,NTLM". Checking in the event log shows a kerberos failure
for
: a
: > : blank username.
: > :
: > : Trying from XP+IE6SP1 clients we do not get prompted to login (ie
: windows
: > : authentication works) but checking in the event log indicates that
NTLM
: > has
: > : been used ! So XPIE6SP1 is NOT using kerberos to authenticate with the
: SPS
: > : site. Why not?
: > :
: > : Al Blake, Canberra, Australia
: > :
: > :
: >
: >
:
:
- Next message: Ryan Riddell: "Re: IIS Seperate Partition?"
- Previous message: Joe: "Pop Ups"
- In reply to: Al Blake: "Re: SPS wont use kerberos"
- Next in thread: Al Blake: "Re: SPS wont use kerberos"
- Reply: Al Blake: "Re: SPS wont use kerberos"
- Reply: Al Blake: "Re: SPS wont use kerberos"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
