IIS6 - Virtual Directory to URL share, authentication problems.
From: Bob Eadie (robert_at_eadies.org.uk)
Date: 10/26/04
- Next message: Chris: "Mac & Unix permissions"
- Previous message: Tom Kaminski [MVP]: "Re: What happened to good old proxy server?"
- Next in thread: Ken Schaefer: "Re: IIS6 - Virtual Directory to URL share, authentication problems."
- Reply: Ken Schaefer: "Re: IIS6 - Virtual Directory to URL share, authentication problems."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Oct 2004 19:05:56 +0100
I have IIS6 running on a Win2003 box within a mixed Win2000/Win2003 domain.
I have set up a Virtual Directory set up to a remote share, and selected
'pass users credentials' to authenticate, as some users have more access
than others to various folders within the share. Anonymous is also
selected, as anonymous users are allowed to access some folders on the share
( I have given 'everyone' read and browse permissions to those folders).
Integrated and Basic authentication are selected.
I have also given the server 'delegation' rights.
It works fine from WindowsXP machines within the domain.
It does not work for users logged on to our Windows2003 Terminal Servers,
but does work for an administrator logged on to the Terminal Servers.
It does not work for users accessing the IIS server as a published server
through our Windows2003/ISA Server2004 firewall.
The symptoms when it does not work are that the user is asked for
username/pw three times, and then the error 401.3 'access denied because of
the ACls in force'.
However, the IIS logs show that the correct domain\username is being used to
try to access the share.
The whole of the rest of a fairly complex Intranet web-site works fine, both
within the network, and from outside through the firewall.
Any help where I start to look next to resolve this? I have already studied
about a dozen MS knowledgebase articles without success. Many of them talk
about delegation facilities which are only available in a 'Native' Win2003
domain, and I can't make ours that as we have Win2000 Domain controllers (as
well as one Win2003 DC).
thanks,
Bob
- Next message: Chris: "Mac & Unix permissions"
- Previous message: Tom Kaminski [MVP]: "Re: What happened to good old proxy server?"
- Next in thread: Ken Schaefer: "Re: IIS6 - Virtual Directory to URL share, authentication problems."
- Reply: Ken Schaefer: "Re: IIS6 - Virtual Directory to URL share, authentication problems."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
