IWA with multiple AD
| Tao Tao 2005-04-21, 5:55 pm |
| Hi, have a site on IIS 6.0 configured using IWA only, because that site will
grab the user's logon information to keep track of it.
People in the same AD as the IIS server log on fine with no issues. People in other
ADs (same domain tree, sibling domains) got a 401 error, while those users in the
sibling domain can access that IIS box through NetBIOS, etc., just fine
(because there is trust between those domains).
Any thoughts on how to get it fixed? Any ideas are greatly appreciated.
thanks.
Tao
| |
| Ken Schaefer 2005-04-22, 2:53 am |
| Are the users supplying their user-principal-name, or Domain\User as their
username? IIS 6.0 does not check all trusted domains by default.
Cheers
Ken
--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com
| |
| Tao Tao 2005-04-22, 6:00 pm |
| Thanks, Ken.
The site is added in IE as a trusted site, so IE automatically grabs the
current AD login and submits it. Users are not getting prompted for
credentials.
How can I configure IIS to check against other ADs?
Thanks a lot.
Tao
| |
| Ken Schaefer 2005-04-23, 2:50 am |
| IIS will automatically check against the domain that it is in (and trusted
domains if the domain is supplied as part of the credentials). Can you post
the relevant IIS logfile entries for the requests in question?
Cheers
Ken
--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com
|
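An added example, not part of the original thread: one way to pull the "relevant IIS logfile entries" requested above out of a W3C extended log. An IWA handshake typically logs one or two 401 responses before the 200, so the script reports only clients that never got past 401, together with the substatus and Win32 status pairs they received. The log lines, IP addresses, account name and field selection are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2005-04-22 09:00:01 10.1.1.20 - GET /app/default.aspx 401 2 2148074254
2005-04-22 09:00:01 10.1.1.20 - GET /app/default.aspx 401 1 0
2005-04-22 09:00:01 10.1.1.20 DOMA\\alice GET /app/default.aspx 200 0 0
2005-04-22 09:05:10 10.2.2.30 - GET /app/default.aspx 401 2 2148074254
2005-04-22 09:05:10 10.2.2.30 - GET /app/default.aspx 401 1 0
2005-04-22 09:05:11 10.2.2.30 - GET /app/default.aspx 401 1 1326
"""

# Win32 status values that commonly accompany a 401 in IIS logs.
WIN32 = {
    "1326": "ERROR_LOGON_FAILURE",
    "2148074252": "SEC_E_LOGON_DENIED",
    "2148074254": "SEC_E_NO_CREDENTIALS",
}

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def failed_clients(text):
    """Map c-ip -> sorted (substatus, win32) pairs for clients that only ever got 401."""
    seen = defaultdict(lambda: {"ok": False, "codes": set()})
    for row in parse_w3c(text):
        entry = seen[row["c-ip"]]
        if row["sc-status"] == "401":
            entry["codes"].add((row["sc-substatus"], row["sc-win32-status"]))
        else:
            entry["ok"] = True  # some request from this client got past authentication
    return {ip: sorted(e["codes"]) for ip, e in seen.items()
            if e["codes"] and not e["ok"]}

if __name__ == "__main__":
    for ip, codes in failed_clients(SAMPLE_LOG).items():
        for sub, win32 in codes:
            print(ip, "401." + sub, win32, WIN32.get(win32, ""))
```

Failed requests are logged with `-` in `cs-username`, which is why the grouping is by `c-ip` rather than by account name.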