| G. Sharp 2005-01-13, 5:53 pm |
| Thanks for your response. I have made sure all of those things are set (all
but NTFS authentication had been set - and this hasn't made a difference
anyway - although good to keep in mind). I'm not quite sure you understand my
exact problem - the WebServer is part of the Domain, but not a Domain
Controller. Therefore as far as I can tell: all the clients are trying to
authenticate against the webservers local user accounts (eg. Administrator
password different on DC & Webserver - therefore authentication fails, and
all the students/teachers are obviously not on the local machine - there on
the Domain).
When the user enters in their username in the DOMAIN\USERNAME format - there
are no problems. The problem is: I want the authentication to happen
automatically - I need the webserver to try the Domain as well as the Local
Machine.
This confuses me... Does everyone out there have their Webserver running on
a Domain Controller (If this is the case - authentication is seamless)?
Surely others have required their sort of authentication on a stand-alone
webserver.
If there is no solution - I will simply make the webserver a DC - but didn't
really want to...
I would really appreciate any comments.
Cheers,
G. Sharp
"Miha Pihler [MVP]" wrote:
> Hi,
>
> There usually isn't much to configuring IWA (Integrated Windows
> Authentication). After you enable it on IIS, make sure that you don't also
> have Anonymous Access enabled since it will take precedence to IWA.
>
> Next thing, make sure that users have appropriate NTFS permissions on the
> content of the web (e.g. read permissions). IIS will honor NTFS permissions.
>
> Last thing I can currently think of is that URL of the website where you
> want to use IWA must be in Local Intranet zone.
> If you browse to e.g. http://intranet.domain.com this will probably be in
> Internet zone. If the site is in Internet zone then IE will not send
> username and password (for security reasons - why would you want your
> username and password sent to the internet ;-).). URL http://intranet will
> (should) by default be in Local Intranet zone while http://10.10.10.10 where
> 10.10.10.10 is IP address of your site is again in Internet Zone.
>
> If you have active directory deployed, you can control sites and the zones
> they are put in by using Group Policy. Of course this will only work for
> members of domain/forest...
>
> If you have any more questions, feel free to post back.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "G. Sharp" <GSharp@discussions.microsoft.com> wrote in message
> news:559E3578-F9FB-4050-BB3D-25701A310001@microsoft.com...
>
>
>
|