|
Home > Archive > IIS Server Security > June 2006 > A little help (kerberos, netbios, and SPN... oh my!)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
A little help (kerberos, netbios, and SPN... oh my!)
|
|
| Craig Carrigan 2006-06-26, 9:58 pm |
| I have a custom intranet that I have setup for our company. The access is
secured using IWA and when the site is access by server name (QSERVER\internal)
the domain user's credentials are passed automatically and everything is
fine. This is good because we don't want internal users (people part of
our domain) to have to enter a user/pass.
However, one of the integrated ASP apps won't let us use an internal name
because this intranet needs to be more of an extranet, so we have to use
the FQDN. Our domains aren't the same (.local for the QSERVER and a .com
for the FQDN). I've run "setspn -a host/www.oursite.com QSERVER" which I
thought would allow requests from this host header to be passed with IWA,
but it doesn't work.
Our goal is to have ALL of our users, whether they are inside the office
or outside, to use the same website address: http://www.oursite.com/internal
but the internal users not have to enter a password, and all external users
MUST enter one. Any suggestions?
Server 2003
IIS6
web server is a DC
Thanks!
C
|
|
|
|
|