Re: Can login domain be set to a default?
From: Gery D. Dorazio (gdorazio_at_enque.net)
Date: 09/03/05
- Previous message: Claudio Szykman: "Super Tips - Free Windows Server Firewall with Brute Force Detecti"
- In reply to: Roger Abell [MVP]: "Re: Can login domain be set to a default?"
- Next in thread: Roger Abell [MVP]: "Re: Can login domain be set to a default?"
- Reply: Roger Abell [MVP]: "Re: Can login domain be set to a default?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 3 Sep 2005 02:58:00 -0400
Thanks Roger for the insight.
Currently the site will use clear text as it is running entirely through
SSL...and some of the user base may not be using IE. So I will do as you
suggest and set the default login domain in clear text mode. (I assume that
is done with IIS Manager...)
It didn't occur to me that the server has to distinguish between the
machine and domain accounts...
Thanks,
Gery
-- Gery D. Dorazio Development Engineer EnQue Corporation 1334 Queens Road Charlotte, NC 28207 (704) 377-3327 "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message news:uN8$llsrFHA.1788@tk2msftngp13.phx.gbl... > Gary, > > If by "external web domain" you are meaning the DNS name for the > site as known by the browsing public, then this has no impact on the > need for specifying a login domain. > > They need to say domain\user because the IIS is on a member and > you are having them use domain accounts instead of machine local > accounts of the IIS box (and the login process needs a way to > distinguish). If you drop the Windows integrated and go to clear > text authentication then you can still use domain accounts and you > can specify a default login domain. Of course the clear text nature > of this is definitely not desirable. In standard as-it-ships IIS you > cannot specify a default domain for Windows integrated authentication > (since that is a challenge response discussion where IIS is not an > intimate intermediary able to "adjust" what is being exchanged). > I believe that you might actually want to look at the digest > authentication > capability of IIS 6 or of the older MSCS membership services. > Roger > > -- > Roger Abell > Microsoft MVP (Windows Server : Security) > MCSE (W2k3,W2k,Nt4) MCDBA > > "Gery D. Dorazio" <gdorazio@enque.net> wrote in message > news:%23TtcSKfrFHA.1168@TK2MSFTNGP10.phx.gbl... >> When users access a secured web site I manage the normal Windows login >> dialog appears requiring the username and password. The username text box >> requires the domain\username to be entered. Windows Integrated >> Authentication is being used as the authentication method. >> >> The web site hardware for this system is a web server box, a DNS box with >> Active Directory, and a database box. (This is a SharePoint >> installation.) The internal domain for the three servers is different >> than the web site domain defined for the internet. Correct me if I am >> wrong but I think this is why the username text box requires the >> domain\username and not just the username. Is this correct thinking? >> >> If my thinking is correct so far (or if it's not and you can correct me) >> then my fundamental question is how can I configure this setup to not >> require the domain part of the login? I do not want to change the >> internal domain of the three servers. Is there an alias capability where >> the internal domain can be aliased to match the external web domain being >> requested? >> >> Thanks for any suggestions. >> >> Gery >> >> >> -- >> Gery D. Dorazio >> Development Engineer >> >> EnQue Corporation >> 1334 Queens Road >> Charlotte, NC 28207 >> (704) 377-3327 >> > >
- Previous message: Claudio Szykman: "Super Tips - Free Windows Server Firewall with Brute Force Detecti"
- In reply to: Roger Abell [MVP]: "Re: Can login domain be set to a default?"
- Next in thread: Roger Abell [MVP]: "Re: Can login domain be set to a default?"
- Reply: Roger Abell [MVP]: "Re: Can login domain be set to a default?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
