|
Home > Archive > IIS Server Security > October 2005 > Integerated Authentication Not Work?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Integerated Authentication Not Work?
|
|
| Richard Morey 2005-10-24, 3:29 pm |
| Hi --
We have two servers in our office running Active Directory. One is a Windows
/ Exchange 2003 server and the other is a Windows 2000 box. My client PCs
are all running XP Pro, SP2 and log in to the domain controller.
I have set up our corporate intranet on the Windows 2000 machine. I would
like the users to log in to this site but only if they are using a machine /
account not valid on the domain. If they are on their desktop machine and
have already logged in to the domain I would like them to not have to
re-enter their username/password to access the website. I have turned off
Anonymous access and turned on "Integrated Windows Authentication" but I am
prompted for my username and password AND I can not log in with it.
Can anyone offer some advice as to what I have not set up correctly ?
Thanks
Rich
| |
| Miha Pihler [MVP] 2005-10-24, 3:29 pm |
| Hi Richard,
Few things to pay attention to:
- users will need NTFS permission on the content (e.g. read permissions --
recommended). E.g. if your portal content is stored on d:\HTTP\Portal\...
users will need Read permission on Portal folder...
- Integrated authentication will only work if the site that users browse to
is in Local Intranet Zone. By default URLs like http://intranet or
http://server are in Local Intranet Zone. If you enter
http://intranet.domain.com or http://server.domain.com or ... these sites
will not be in Local Intranet Zone. Same goes if you e.g. enter
http://10.10.10.10 where 10.10.10.10 is IP address of your Intranet server.
Make sure that URLs like http://intranet.domain.com are in Local Intranet
zone...
I hope this helps,
--
Mike
Microsoft MVP - Windows Security
"Richard Morey" <rwmorey71@hotmail.com> wrote in message
news:eWmBXnL2FHA.2884@TK2MSFTNGP09.phx.gbl...
> Hi --
>
> We have two servers in our office running Active Directory. One is a
> Windows / Exchange 2003 server and the other is a Windows 2000 box. My
> client PCs are all running XP Pro, SP2 and log in to the domain
> controller.
>
> I have set up our corporate intranet on the Windows 2000 machine. I would
> like the users to log in to this site but only if they are using a machine
> / account not valid on the domain. If they are on their desktop machine
> and have already logged in to the domain I would like them to not have to
> re-enter their username/password to access the website. I have turned off
> Anonymous access and turned on "Integrated Windows Authentication" but I
> am prompted for my username and password AND I can not log in with it.
>
> Can anyone offer some advice as to what I have not set up correctly ?
>
> Thanks
>
> Rich
>
>
| |
| Bernard Cheah [MVP] 2005-10-25, 2:49 am |
| Also, take a look at this article. IWA will not prompt for login if user
already logged on to domain.
Internet Explorer May Prompt You for a Password
http://support.microsoft.com/?id=258063
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message
news:%232fBUxL2FHA.3864@TK2MSFTNGP12.phx.gbl...
> Hi Richard,
>
> Few things to pay attention to:
> - users will need NTFS permission on the content (e.g. read permissions --
> recommended). E.g. if your portal content is stored on d:\HTTP\Portal\...
> users will need Read permission on Portal folder...
> - Integrated authentication will only work if the site that users browse
> to is in Local Intranet Zone. By default URLs like http://intranet or
> http://server are in Local Intranet Zone. If you enter
> http://intranet.domain.com or http://server.domain.com or ... these sites
> will not be in Local Intranet Zone. Same goes if you e.g. enter
> http://10.10.10.10 where 10.10.10.10 is IP address of your Intranet
> server.
> Make sure that URLs like http://intranet.domain.com are in Local Intranet
> zone...
>
> I hope this helps,
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Richard Morey" <rwmorey71@hotmail.com> wrote in message
> news:eWmBXnL2FHA.2884@TK2MSFTNGP09.phx.gbl...
>
>
|
|
|
|
|