Re: Windows Integrated and the domain name



"try thinking like a user" is a cop-out. It's one of those catch-all phrases that people throw out when something doesn't work the way they want it to work.

a) Configuring GPOs isn't really all that difficult. You can use *wildcards* to put every site in a particular domain into the Intranet security zone if you wish. That shouldn't take too long to do. If you want to talk about "enterprise" then you should use the enterprise tools available to you for management.

b) Just because Firefox prepends some domain name prior to sending this off doesn't really help your users if you have multiple domains - it just causes problems for people who need to use alternate credentials.

c) Both NTLM and Kerberos authentication require the full realm and username - that's unfortunately the way both of those two protocols work. There are ways to have IE automatically submit the user's credentials (as others have noted) or you can have the user manually enter Realm\Username or user@xxxxxxxxxxx. Microsoft has been encouraging the latter since Windows 2000 (only 7 years).

Cheers
Ken
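
As an added illustration of point (a), not part of Ken's post: a PowerShell audit sketch that reads the values written by the "Site to Zone Assignment List" policy and reports which hosts a wildcard entry places in the Intranet zone (zone 1). The host names and fallback entries are constructed, and the matching is a simplified glob on the host name, assumed here for illustration rather than taken from IE's full zone-mapping rules.

```powershell
# Added example (not from the thread). Values under this key are written by the
# "Site to Zone Assignment List" policy: value name = site pattern, data = zone.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$zoneNames = @{ '1' = 'Intranet'; '2' = 'Trusted'; '3' = 'Internet'; '4' = 'Restricted' }

function Get-ZoneMapEntries {
    param([string]$Key)
    $entries = @{}
    if (Test-Path $Key) {
        $item = Get-Item -Path $Key
        foreach ($name in $item.GetValueNames()) {
            $entries[$name] = [string]$item.GetValue($name)
        }
    }
    return $entries
}

function Test-ZonePattern {
    param([string]$HostName, [string]$Pattern)
    # Assumption: drop an optional scheme prefix, then glob-match the host name.
    # Ports and paths in a pattern are not handled by this simplified check.
    $hostPattern = $Pattern -replace '^[^:/]+://', ''
    return $HostName -like $hostPattern
}

$entries = Get-ZoneMapEntries -Key $policyKey
if ($entries.Count -eq 0) {
    # Constructed sample entries, used only when no policy is applied on this machine.
    $entries = @{ '*.corp.example.com' = '1'; 'https://portal.example.net' = '2' }
}

# Constructed host names standing in for the SharePoint sites to check.
$hostsToCheck = 'sharepoint01.corp.example.com', 'teams.hr.corp.example.com',
                'portal.example.net', 'www.example.org'

foreach ($h in $hostsToCheck) {
    $hit = $entries.GetEnumerator() |
        Where-Object { Test-ZonePattern -HostName $h -Pattern $_.Key } |
        Select-Object -First 1
    $zone = if ($hit) { $zoneNames[$hit.Value] } else { 'no policy entry' }
    [pscustomobject]@{
        Host     = $h
        Pattern  = $hit.Key
        Zone     = $zone
        Intranet = ($hit -and $hit.Value -eq '1')
    }
}
```

With the constructed entries, one `*.corp.example.com` value covers both SharePoint hosts, while `portal.example.net` lands in Trusted and `www.example.org` has no entry.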

"super1" <superbrownbrown1@xxxxxxxxxxxxx> wrote in message news:%23p45keG$HHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
This thread is not turning out to be very helpful. Try thinking like a user and then try to get past the fact that "It works in FireFox."

You can explain it all day, but when someone else's product appears to work better you lose.

This is not an error in the domain. This is a huge domain with hundreds of SharePoint sites and hundreds of IT administrators. Getting all of them to put all the SharePoint sites in all computers intranet sites is just not going to happen.

If anyone has any other constructive ideas please post.



""WenJun Zhang[msft]"" <wjzhang@xxxxxxxxxxxxxxxxxxxx> wrote in message news:3U28sy4%23HHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

Just as David and Tiago mentioned, this is actually a pure IE behavior or
Windows domain related issue. As for IIS server side, it will never control
how client browser will cache computer\username or domain\username for
authentication.

Based on my experience, for a direct integrated windows authentication
between IIS and IE, if the automatic logon attempt fails, IE will just
prompt up a blank authentication dialog without a default user
account (neither computer\username nor domain\username). So I also suspect
the issue is somewhat related to your domain configuration. A typical case
is the client needs to pass through a third machine to access the site, for
example: an ISA proxy in the middle.

Therefore I'd like to suggest you post the issue to our IE or Windows AD
newsgroup to clarify: in which cases, IE will attach computer\username or
domain\username as default account name for authentication:

microsoft.public.internetexplorer.general
microsoft.public.windows.server.active_directory

For your reference, the following article lists the possible causes of why
IE fails to auto finish an integrated windows authentication with IIS and
prompts for a password.

Internet Explorer May Prompt You for a Password
http://support.microsoft.com/?id=258063

Thanks and have a nice day.

Sincerely,

WenJun Zhang

Microsoft Online Community Support



