Re: Authentication Problems

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/29/05

  • Next message: Roger Abell [MVP]: "Re: DCOMCnfg permissions for application" 
    Date: Sat, 29 Oct 2005 08:52:41 -0700

    I think you are swimming upstream Barry.
    What you describe as the experienced behavior is what
    I know as the expected behavior. To swim downstream,
    gate access to the pages with the domain accounts of the
    users that should be allowed.
    What is happening is that newer OS clients, when their IE
    is configured to allow automatic Windows login, send the
    sam qualified name of the account in use (clientboxX\userA
    or DomainX\UserA) which will conflict with the machine
    account needed

    "Barry" <Barry@discussions.microsoft.com> wrote in message
    news:40F1A7CC-97EC-44DE-A88C-99E3CE6BDA65@microsoft.com...
    > Have recently migrated my server from W2K to a W2K3 platform, and
    > everything
    > is functional on my site but I have one minor issue that I would like some
    > help with.
    >
    > I'm running a W2K AD domain with my W2K3 server as a member server.
    > Client
    > computers are either WinXP or W2K Systems, fully patched. We have some
    > older
    > NT 4.0 / Win9X clients as well that we use to run some speciality software
    > that will not run from W2K or WinXP so we're running AD in mixed mode to
    > support those clients.
    >
    > ServerA is my Webserver and my AD is called DomainX.
    >
    > We have 2 ASP files that we want to have a certain user to run (UserA),
    > which is a local user created on the webserver (ServerA). This was how it
    > was done when I inherited this project, I'm sure there are better ways to
    > do
    > it.
    >
    > We have assigned NTFS permissions to this file, assigning the appropriate
    > rights to this user.
    >
    > When we try to access the ASP file, we are prompted for a username /
    > password combination.
    >
    > If we type UserA, and the correct password, we get challenged again for
    > the
    > username & password, except that now it shows DomainX/UserA as the user
    > that
    > we want to authenticate.
    >
    > If we use ServerA/UserA and type the correct password, the ASP files are
    > executed correctly.
    >
    > In fact, in order to get this to work, we had to specify the
    > NTAuthenticationProviders as being NTLM.
    >
    > We want to eliminate the need to specify ServerA/UserA and have the users
    > simply type in UserA and have it authenticated against the local users on
    > the
    > server.
    >
    > We've tried Basic Authentication with the default domain name specified as
    > ServerA, and many other combinations with no luck.
    >
    > I'm sure there is a way to do this.
    >
    > I would sure appreciate any help!
    >
    > Thanks in advance.
    >
    > Barry

  • Next message: Roger Abell [MVP]: "Re: DCOMCnfg permissions for application"