|
Home > Archive > IIS Server Security > January 2004 > iusr and iwan account have wrong machine name
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
iusr and iwan account have wrong machine name
|
|
| Jim McCarthy 2004-01-24, 2:01 am |
| does anyone know why or how iis would create iusr and iwan accounts with the
wrong machinename? The machine in question belongs to a w2k domain using ad.
| |
| David Wang [Msft] 2004-01-24, 2:01 am |
| Did you rename the machine's computer name after installing IIS (to join the
domain, perhaps)?
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jim McCarthy" <jimm@townpump.com> wrote in message
news:us6uO1I3DHA.2700@tk2msftngp13.phx.gbl...
does anyone know why or how iis would create iusr and iwan accounts with the
wrong machinename? The machine in question belongs to a w2k domain using ad.
| |
| Jim McCarthy 2004-01-24, 2:01 am |
| Hi David
The machine was renamed but the machine name the accounts are showing is not
the old name.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:u%236hmAL3DHA.2308@TK2MSFTNGP11.phx.gbl...quote:
> Did you rename the machine's computer name after installing IIS (to join
thequote:
> domain, perhaps)?
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> //
> "Jim McCarthy" <jimm@townpump.com> wrote in message
> news:us6uO1I3DHA.2700@tk2msftngp13.phx.gbl...
> does anyone know why or how iis would create iusr and iwan accounts with
thequote:
> wrong machinename? The machine in question belongs to a w2k domain using
ad.quote:
>
>
>
| |
| David Wang [Msft] 2004-01-24, 2:01 am |
| What is your exact concern with the name of IUSR/IWAM ?
Theoretically, it can be anything as long as it's configured properly in
IIS.
Problems happen when it is not configured properly, or if you have code that
makes incorrect assumptions.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jim McCarthy" <jimm@townpump.com> wrote in message
news:OiFy5fq3DHA.1264@TK2MSFTNGP11.phx.gbl...
Hi David
The machine was renamed but the machine name the accounts are showing is not
the old name.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:u%236hmAL3DHA.2308@TK2MSFTNGP11.phx.gbl...quote:
> Did you rename the machine's computer name after installing IIS (to join
thequote:
> domain, perhaps)?
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> //
> "Jim McCarthy" <jimm@townpump.com> wrote in message
> news:us6uO1I3DHA.2700@tk2msftngp13.phx.gbl...
> does anyone know why or how iis would create iusr and iwan accounts with
thequote:
> wrong machinename? The machine in question belongs to a w2k domain using
ad.quote:
>
>
>
| |
| Jim McCarthy 2004-01-24, 2:01 am |
| David
I'm trying to get basic authentication to work. Works fine on my dev machine
but on the production server it either doesen't recognize the users or it
persists even after the browser has been closed. The only differnce between
the two machines I could find was the accounts with the wrong machine name.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:O20KMzt3DHA.1752@tk2msftngp13.phx.gbl...quote:
> What is your exact concern with the name of IUSR/IWAM ?
>
> Theoretically, it can be anything as long as it's configured properly in
> IIS.
>
> Problems happen when it is not configured properly, or if you have code
thatquote:
> makes incorrect assumptions.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> //
> "Jim McCarthy" <jimm@townpump.com> wrote in message
> news:OiFy5fq3DHA.1264@TK2MSFTNGP11.phx.gbl...
> Hi David
>
> The machine was renamed but the machine name the accounts are showing is
notquote:
> the old name.
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:u%236hmAL3DHA.2308@TK2MSFTNGP11.phx.gbl...
> the
> rights.
> the
> ad.
>
>
>
>
| |
| David Wang [Msft] 2004-01-24, 2:01 am |
| For Basic Authentication, IUSR is irrelevant (IUSR is the anonymous user,
which is used when there is no authentication).
Unless your application is medium/high isolation, IWAM is irrelevant.
So, if you try things with Basic in Low Isolation, IUSR/IWAM are not going
to be the cause of your problem.
I would suggest you describe what "Basic is not working on the production
server" means in your case so that we can troubleshoot that.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jim McCarthy" <jimm@townpump.com> wrote in message
news:eI9NXfu3DHA.2060@TK2MSFTNGP10.phx.gbl...
David
I'm trying to get basic authentication to work. Works fine on my dev machine
but on the production server it either doesen't recognize the users or it
persists even after the browser has been closed. The only differnce between
the two machines I could find was the accounts with the wrong machine name.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:O20KMzt3DHA.1752@tk2msftngp13.phx.gbl...quote:
> What is your exact concern with the name of IUSR/IWAM ?
>
> Theoretically, it can be anything as long as it's configured properly in
> IIS.
>
> Problems happen when it is not configured properly, or if you have code
thatquote:
> makes incorrect assumptions.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> //
> "Jim McCarthy" <jimm@townpump.com> wrote in message
> news:OiFy5fq3DHA.1264@TK2MSFTNGP11.phx.gbl...
> Hi David
>
> The machine was renamed but the machine name the accounts are showing is
notquote:
> the old name.
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:u%236hmAL3DHA.2308@TK2MSFTNGP11.phx.gbl...
> the
> rights.
> the
> ad.
>
>
>
>
| |
| Jim McCarthy 2004-01-24, 2:01 am |
| Hi David
I mean users can't authenticate. They get the prompt but after 3 tries they
get an access denied page. If the user has administrative rights then they
will be able to authenticate but they will never get prompted to
authenticate again (even after they close the browser window) unless I force
it in code.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:eSVYDL03DHA.632@TK2MSFTNGP12.phx.gbl...quote:
> For Basic Authentication, IUSR is irrelevant (IUSR is the anonymous user,
> which is used when there is no authentication).
>
> Unless your application is medium/high isolation, IWAM is irrelevant.
>
> So, if you try things with Basic in Low Isolation, IUSR/IWAM are not going
> to be the cause of your problem.
>
> I would suggest you describe what "Basic is not working on the production
> server" means in your case so that we can troubleshoot that.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> //
> "Jim McCarthy" <jimm@townpump.com> wrote in message
> news:eI9NXfu3DHA.2060@TK2MSFTNGP10.phx.gbl...
> David
>
> I'm trying to get basic authentication to work. Works fine on my dev
machinequote:
> but on the production server it either doesen't recognize the users or it
> persists even after the browser has been closed. The only differnce
betweenquote:
> the two machines I could find was the accounts with the wrong machine
name.quote:
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:O20KMzt3DHA.1752@tk2msftngp13.phx.gbl...
> that
> rights.
> not
join[QUOTE][color=darkred]
with[QUOTE][color=darkred]
using[QUOTE][color=darkred]
>
>
>
| |
| David Wang [Msft] 2004-01-26, 2:34 pm |
| Ok, this is now a totally separate issue from IUSR/IWAM where we started
from. I presume you've done what I suggested to remove IUSR/IWAM from the
picture.
1. Are you using custom authentication or the authentication supported by
IIS? If custom, it's a different issue to resolve
2. If using IIS-support authentication, what authentication is enabled on
which URLs which are accessed by the users?
3. What URLs are accessed by the users which result in Access Denied? What
does the web log files say?
4. Do the Users have the "Log on Interactively" privilege (for Basic auth)?
As far as credentials "caching" for Administrator goes -- that is a
client-side behavior, not server-side, so it is irrelevant to this
discussion.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jim McCarthy" <jimm@townpump.com> wrote in message
news:eKaj8p63DHA.1816@TK2MSFTNGP12.phx.gbl...
Hi David
I mean users can't authenticate. They get the prompt but after 3 tries they
get an access denied page. If the user has administrative rights then they
will be able to authenticate but they will never get prompted to
authenticate again (even after they close the browser window) unless I force
it in code.
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:eSVYDL03DHA.632@TK2MSFTNGP12.phx.gbl...quote:
> For Basic Authentication, IUSR is irrelevant (IUSR is the anonymous user,
> which is used when there is no authentication).
>
> Unless your application is medium/high isolation, IWAM is irrelevant.
>
> So, if you try things with Basic in Low Isolation, IUSR/IWAM are not going
> to be the cause of your problem.
>
> I would suggest you describe what "Basic is not working on the production
> server" means in your case so that we can troubleshoot that.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> //
> "Jim McCarthy" <jimm@townpump.com> wrote in message
> news:eI9NXfu3DHA.2060@TK2MSFTNGP10.phx.gbl...
> David
>
> I'm trying to get basic authentication to work. Works fine on my dev
machinequote:
> but on the production server it either doesen't recognize the users or it
> persists even after the browser has been closed. The only differnce
betweenquote:
> the two machines I could find was the accounts with the wrong machine
name.quote:
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:O20KMzt3DHA.1752@tk2msftngp13.phx.gbl...
> that
> rights.
> not
join[QUOTE][color=darkred]
with[QUOTE][color=darkred]
using[QUOTE][color=darkred]
>
>
>
|
|
|
|
|