|
Home > Archive > Microsoft Content Management Server > February 2004 > Assign AD group but users cannot be authenticate
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Assign AD group but users cannot be authenticate
|
|
| Bryan Yeo 2004-02-04, 10:44 am |
| I have just setup a server with Active directory users created.
I assign the users group to the site manager, but got an error whn trying to
logon a user from that group.
But if I add the user into the site manager, can login.
Then I try it on another server with Active directory, just by assigning the
group to the site manager, the user can login.
What is the problem with the new server I created?
Both machine are Win2k server.
The new server is throught normal setup no extra application is installed.
| |
| Stefan [MSFT] 2004-02-04, 10:44 am |
| Hi Bryan,
I assume the CMS system account is different between both machines.
The CMS system account needs read and enumeration rights on all OUs in the
user AD.
If you (e.g.) used a local machine account as CMS system account and
anynymous access to AD is disabled then this will not work.
You need to use a CMS system account that is being trusted by the User AD.
Cheers,
Stefan.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
news:eJx61ZU5DHA.1968@TK2MSFTNGP11.phx.gbl...quote:
> I have just setup a server with Active directory users created.
> I assign the users group to the site manager, but got an error whn trying
toquote:
> logon a user from that group.
> But if I add the user into the site manager, can login.
>
> Then I try it on another server with Active directory, just by assigning
thequote:
> group to the site manager, the user can login.
>
> What is the problem with the new server I created?
> Both machine are Win2k server.
> The new server is throught normal setup no extra application is installed.
>
>
| |
| Bryan Yeo 2004-02-04, 10:45 am |
| My cms system account is a domain admin user.
and anonymous access is enabled.
but still cannot
"Stefan [MSFT]" <stefang@online.microsoft.com> wrote in message
news:%23t8viXY5DHA.2720@TK2MSFTNGP09.phx.gbl...quote:
> Hi Bryan,
>
> I assume the CMS system account is different between both machines.
> The CMS system account needs read and enumeration rights on all OUs in the
> user AD.
> If you (e.g.) used a local machine account as CMS system account and
> anynymous access to AD is disabled then this will not work.
> You need to use a CMS system account that is being trusted by the User AD.
>
> Cheers,
> Stefan.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
>
>
> "Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
> news:eJx61ZU5DHA.1968@TK2MSFTNGP11.phx.gbl...
trying[QUOTE][color=darkred]
> to
> the
installed.[QUOTE][color=darkred]
>
>
| |
| Stefan [MSFT] 2004-02-04, 10:46 am |
| Hi Bryan,
I did not talk about IIS anonymous access but about AD anonymous access.
Anyway, if the account is an AD account from the same domain as the users
the rights should be granted...
Please try to assign the specific user to a rights group via SiteManager
using the affected server. Does this work?
Just to check if SiteManager can evaluate the user.
Cheers,
Stefan.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
news:uTMPgQj5DHA.1816@TK2MSFTNGP12.phx.gbl...quote:
> My cms system account is a domain admin user.
> and anonymous access is enabled.
> but still cannot
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> wrote in message
> news:%23t8viXY5DHA.2720@TK2MSFTNGP09.phx.gbl...
the[QUOTE][color=darkred]
AD.[QUOTE][color=darkred]
> rights.
> trying
assigning[QUOTE][color=darkred]
> installed.
>
>
| |
| Bryan Yeo 2004-02-04, 10:47 am |
| Yes if i assign specific user to the site manager it works, but not the
groups.
I had also the AD account in administrator rights group
"Stefan [MSFT]" <stefang@online.microsoft.com> wrote in message
news:ePIAkkl5DHA.2740@TK2MSFTNGP09.phx.gbl...quote:
> Hi Bryan,
>
> I did not talk about IIS anonymous access but about AD anonymous access.
> Anyway, if the account is an AD account from the same domain as the users
> the rights should be granted...
> Please try to assign the specific user to a rights group via SiteManager
> using the affected server. Does this work?
> Just to check if SiteManager can evaluate the user.
>
> Cheers,
> Stefan.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
>
>
> "Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
> news:uTMPgQj5DHA.1816@TK2MSFTNGP12.phx.gbl...
> the
> AD.
> assigning
>
>
| |
| Stefan [MSFT] 2004-02-04, 10:47 am |
| Hi Bryan,
this sounds as if there is an enumeration problem with the groups!
Maybe the groups are stored in a different OU where the system account does
not have rights to?
Cheers,
Stefan.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
news:#PYBAjt5DHA.2692@TK2MSFTNGP09.phx.gbl...quote:
> Yes if i assign specific user to the site manager it works, but not the
> groups.
> I had also the AD account in administrator rights group
>
> "Stefan [MSFT]" <stefang@online.microsoft.com> wrote in message
> news:ePIAkkl5DHA.2740@TK2MSFTNGP09.phx.gbl...
users[QUOTE][color=darkred]
> rights.
in[QUOTE][color=darkred]
User[QUOTE][color=darkred]
>
>
|
|
|
|
|