Re: Can login domain be set to a default?
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 09/01/05
- Next message: Roger Abell [MVP]: "Re: Problem in Change Password! Password Recovery"
- Previous message: Roger Abell [MVP]: "Re: multisession for simultaneous logon?"
- Next in thread: Gery D. Dorazio: "Re: Can login domain be set to a default?"
- Reply: Gery D. Dorazio: "Re: Can login domain be set to a default?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 1 Sep 2005 00:47:29 -0700
Gary,
If by "external web domain" you are meaning the DNS name for the
site as known by the browsing public, then this has no impact on the
need for specifying a login domain.
They need to say domain\user because the IIS is on a member and
you are having them use domain accounts instead of machine local
accounts of the IIS box (and the login process needs a way to
distinguish). If you drop the Windows integrated and go to clear
text authentication then you can still use domain accounts and you
can specify a default login domain. Of course the clear text nature
of this is definitely not desirable. In standard as-it-ships IIS you
cannot specify a default domain for Windows integrated authentication
(since that is a challenge response discussion where IIS is not an
intimate intermediary able to "adjust" what is being exchanged).
I believe that you might actually want to look at the digest authentication
capability of IIS 6 or of the older MSCS membership services.
Roger
-- Roger Abell Microsoft MVP (Windows Server : Security) MCSE (W2k3,W2k,Nt4) MCDBA "Gery D. Dorazio" <gdorazio@enque.net> wrote in message news:%23TtcSKfrFHA.1168@TK2MSFTNGP10.phx.gbl... > When users access a secured web site I manage the normal Windows login > dialog appears requiring the username and password. The username text box > requires the domain\username to be entered. Windows Integrated > Authentication is being used as the authentication method. > > The web site hardware for this system is a web server box, a DNS box with > Active Directory, and a database box. (This is a SharePoint installation.) > The internal domain for the three servers is different than the web site > domain defined for the internet. Correct me if I am wrong but I think this > is why the username text box requires the domain\username and not just the > username. Is this correct thinking? > > If my thinking is correct so far (or if it's not and you can correct me) > then my fundamental question is how can I configure this setup to not > require the domain part of the login? I do not want to change the internal > domain of the three servers. Is there an alias capability where the > internal domain can be aliased to match the external web domain being > requested? > > Thanks for any suggestions. > > Gery > > > -- > Gery D. Dorazio > Development Engineer > > EnQue Corporation > 1334 Queens Road > Charlotte, NC 28207 > (704) 377-3327 >
- Next message: Roger Abell [MVP]: "Re: Problem in Change Password! Password Recovery"
- Previous message: Roger Abell [MVP]: "Re: multisession for simultaneous logon?"
- Next in thread: Gery D. Dorazio: "Re: Can login domain be set to a default?"
- Reply: Gery D. Dorazio: "Re: Can login domain be set to a default?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
