Re: Can't get advanced digest authentication working



From Microsoft Windows XP/2003 Security Target paper, 2005:
http://niap.bahialab.com/cc-scheme/st/st_vid4025-st.pdf

'However, in Windows Server 2003 TOE, the AD extended schema properties
ensures that every newly created user account automatically has the Digest
authentication password hashed and stored as a field in the "AltSecId"
property of the user object.'

Also altsecid and atsecurityidentities appear to be identical?
http://www.google.co.uk/search?hl=en&q=altsecid+altsecurityidentities&meta=

Our problem is that when a new domain account is created
altsecurityidentities is not populated for that user.

Thanks

David



"David" <idstechnet@xxxxxxxxxxxxxxx> wrote in message
news:et069LbqHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
Hi there - yes it is a member server.
As per your Q article a user should have the password hash stored in
AltSecID . I assume this is the same as altsecurityidentities as shown in
adsiedit (we don't have altsecid listed). How do we troubleshoot this -
or is this an AD group question?
Thanks
David

""WenJun Zhang[msft]"" <wjzhang@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:vmpdzzaqHHA.3656@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi David,

First of all, is the server a member of Windows 2003 domain? Currently
only
Windows 2003 domain supports Advanced Digest authentication because only
Windows 2003 domain controller stores the digest hash. Please refer to:

824032 Digest authentication and Advanced Digest authentication in
Windows
Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;824032

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.





.