Re: Can't get advanced digest authentication working
- From: "David" <idstechnet@xxxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2007 12:00:35 +0100
From Microsoft Windows XP/2003 Security Target paper, 2005:http://niap.bahialab.com/cc-scheme/st/st_vid4025-st.pdf
'However, in Windows Server 2003 TOE, the AD extended schema properties
ensures that every newly created user account automatically has the Digest
authentication password hashed and stored as a field in the "AltSecId"
property of the user object.'
Also altsecid and atsecurityidentities appear to be identical?
http://www.google.co.uk/search?hl=en&q=altsecid+altsecurityidentities&meta=
Our problem is that when a new domain account is created
altsecurityidentities is not populated for that user.
Thanks
David
"David" <idstechnet@xxxxxxxxxxxxxxx> wrote in message
news:et069LbqHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
Hi there - yes it is a member server.
As per your Q article a user should have the password hash stored in
AltSecID . I assume this is the same as altsecurityidentities as shown in
adsiedit (we don't have altsecid listed). How do we troubleshoot this -
or is this an AD group question?
Thanks
David
""WenJun Zhang[msft]"" <wjzhang@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:vmpdzzaqHHA.3656@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi David,
First of all, is the server a member of Windows 2003 domain? Currently
only
Windows 2003 domain supports Advanced Digest authentication because only
Windows 2003 domain controller stores the digest hash. Please refer to:
824032 Digest authentication and Advanced Digest authentication in
Windows
Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;824032
Thanks.
Sincerely,
WenJun Zhang
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
.
- Follow-Ups:
- Re: Can't get advanced digest authentication working
- From: DaveMo
- Re: Can't get advanced digest authentication working
- References:
- Can't get advanced digest authentication working
- From: David
- RE: Can't get advanced digest authentication working
- From: "WenJun Zhang[msft]"
- Re: Can't get advanced digest authentication working
- From: David
- Can't get advanced digest authentication working
- Prev by Date: Re: Can't get advanced digest authentication working
- Next by Date: Access Denied: Obtaining a Server Certificate from Your Own CA
- Previous by thread: Re: Can't get advanced digest authentication working
- Next by thread: Re: Can't get advanced digest authentication working
- Index(es):
Relevant Pages
|
