Re: Can't get advanced digest authentication working



From Microsoft Windows XP/2003 Security Target paper, 2005:
http://niap.bahialab.com/cc-scheme/st/st_vid4025-st.pdf

'However, in Windows Server 2003 TOE, the AD extended schema properties
ensures that every newly created user account automatically has the Digest
authentication password hashed and stored as a field in the "AltSecId"
property of the user object.'

Also, altsecid and altsecurityidentities appear to be identical?
http://www.google.co.uk/search?hl=en&q=altsecid+altsecurityidentities&meta=

Our problem is that when a new domain account is created
altsecurityidentities is not populated for that user.

Thanks

David



"David" <idstechnet@xxxxxxxxxxxxxxx> wrote in message
news:et069LbqHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
Hi there - yes it is a member server.
As per your Q article a user should have the password hash stored in
AltSecID. I assume this is the same as altsecurityidentities as shown in
adsiedit (we don't have altsecid listed). How do we troubleshoot this -
or is this an AD group question?
Thanks
David

""WenJun Zhang[msft]"" <wjzhang@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:vmpdzzaqHHA.3656@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi David,

First of all, is the server a member of a Windows 2003 domain? Currently
only a Windows 2003 domain supports Advanced Digest authentication because
only a Windows 2003 domain controller stores the digest hash. Please refer to:

824032 Digest authentication and Advanced Digest authentication in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;824032

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support
