|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Windows 2003 Server and IIS 6.0: Domain users can't access my web site :(Hello all.
I have Windows 2003 Server who work like Domain Controler. On a DC I use IIS 6.0 because I have internel web site. This Web site must access from domain users via internal network and therefore I set on IIS option "Integrated Windows authentication" for better Security. Actually problem is that when on Workstations is Logon like a Domain User, IIS Return error: HTTP Error 401.1 - Unauthorized. If I Logon like a Domain Admin I have permission and web site work perfect. Thanks for help in advance.
Show quote
Hide quote
"Mark Smith" <news_r***@mail.bg> wrote in message NTFS permissions for Domain Users is:news:OmAyiUeYFHA.2796@TK2MSFTNGP09.phx.gbl... > Hello all. > I have Windows 2003 Server who work like Domain Controler. > On a DC I use IIS 6.0 because I have internel web site. This Web > site must access from domain users via internal network and therefore > I set on IIS option "Integrated Windows authentication" for better Security. > Actually problem is that when on Workstations is Logon like a > Domain User, IIS Return error: HTTP Error 401.1 - Unauthorized. > If I Logon like a Domain Admin I have permission and web site work > perfect. > Thanks for help in advance. > > Read & Execute, List Folders Contents, Read But I give Full Permissions of Domain users on NTFS and then Web site again is not permited for domain users. Mm.. post the log entries of those login requests. also you can try authdiag
(microsoft.com) to troubleshoot. -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "Mark Smith" <news_r***@mail.bg> wrote in message news:eGyOlbeYFHA.3132@TK2MSFTNGP09.phx.gbl... > "Mark Smith" <news_r***@mail.bg> wrote in message > news:OmAyiUeYFHA.2796@TK2MSFTNGP09.phx.gbl... >> Hello all. >> I have Windows 2003 Server who work like Domain Controler. >> On a DC I use IIS 6.0 because I have internel web site. This Web >> site must access from domain users via internal network and therefore >> I set on IIS option "Integrated Windows authentication" for better > Security. >> Actually problem is that when on Workstations is Logon like a >> Domain User, IIS Return error: HTTP Error 401.1 - Unauthorized. >> If I Logon like a Domain Admin I have permission and web site work >> perfect. >> Thanks for help in advance. >> >> > > NTFS permissions for Domain Users is: > > Read & Execute, > List Folders Contents, > Read > > But I give Full Permissions of Domain users on NTFS and then Web site > again is not permited for domain users. > > Sorry for a late....
this is log ex050528.log file: #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2005-05-28 08:15:50 #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2005-05-28 08:36:24 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 500 0 2147746304 2005-05-28 08:36:45 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 2 2148074254 2005-05-28 08:36:45 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 1 0 In this moment I connect unsuccessful to IIS-WWW like a Domain User. p.s. If I find any decision, I will public it in this topic. Show quoteHide quote "Bernard" <qbern***@hotmail.com.discuss> wrote in message news:OrfKjjmYFHA.612@TK2MSFTNGP12.phx.gbl... > Mm.. post the log entries of those login requests. also you can try authdiag > (microsoft.com) to troubleshoot. > > -- > Regards, > Bernard Cheah > http://www.microsoft.com/iis/ > http://www.iiswebcastseries.com/ > http://www.msmvps.com/bernard/ > > > "Mark Smith" <news_r***@mail.bg> wrote in message > news:eGyOlbeYFHA.3132@TK2MSFTNGP09.phx.gbl... > > "Mark Smith" <news_r***@mail.bg> wrote in message > > news:OmAyiUeYFHA.2796@TK2MSFTNGP09.phx.gbl... > >> Hello all. > >> I have Windows 2003 Server who work like Domain Controler. > >> On a DC I use IIS 6.0 because I have internel web site. This Web > >> site must access from domain users via internal network and therefore > >> I set on IIS option "Integrated Windows authentication" for better > > Security. > >> Actually problem is that when on Workstations is Logon like a > >> Domain User, IIS Return error: HTTP Error 401.1 - Unauthorized. > >> If I Logon like a Domain Admin I have permission and web site work > >> perfect. > >> Thanks for help in advance. > >> > >> > > > > NTFS permissions for Domain Users is: > > > > Read & Execute, > > List Folders Contents, > > Read > > > > But I give Full Permissions of Domain users on NTFS and then Web site > > again is not permited for domain users. > > > > Where the rest of the log file ? this is normal behavior as IE is connecting
as anonymous user first then act upon the auth header replied by IIS. 401.2 and 401.1 is just part of th process. Though 500 error is something that not normal. -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "Mark Smith" <news_r***@mail.bg> wrote in message news:ud8VDD2YFHA.1092@tk2msftngp13.phx.gbl... > Sorry for a late.... > > this is log ex050528.log file: > > #Software: Microsoft Internet Information Services 6.0 > #Version: 1.0 > #Date: 2005-05-28 08:15:50 > #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status > 2005-05-28 08:36:24 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 500 > 0 > 2147746304 > 2005-05-28 08:36:45 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 > 2 > 2148074254 > 2005-05-28 08:36:45 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 > 1 > 0 > > In this moment I connect unsuccessful to IIS-WWW like a Domain User. > > p.s. If I find any decision, I will public it in this topic. > > "Bernard" <qbern***@hotmail.com.discuss> wrote in message > news:OrfKjjmYFHA.612@TK2MSFTNGP12.phx.gbl... >> Mm.. post the log entries of those login requests. also you can try > authdiag >> (microsoft.com) to troubleshoot. >> >> -- >> Regards, >> Bernard Cheah >> http://www.microsoft.com/iis/ >> http://www.iiswebcastseries.com/ >> http://www.msmvps.com/bernard/ >> >> >> "Mark Smith" <news_r***@mail.bg> wrote in message >> news:eGyOlbeYFHA.3132@TK2MSFTNGP09.phx.gbl... >> > "Mark Smith" <news_r***@mail.bg> wrote in message >> > news:OmAyiUeYFHA.2796@TK2MSFTNGP09.phx.gbl... >> >> Hello all. >> >> I have Windows 2003 Server who work like Domain Controler. >> >> On a DC I use IIS 6.0 because I have internel web site. This Web >> >> site must access from domain users via internal network and therefore >> >> I set on IIS option "Integrated Windows authentication" for better >> > Security. >> >> Actually problem is that when on Workstations is Logon like a >> >> Domain User, IIS Return error: HTTP Error 401.1 - Unauthorized. >> >> If I Logon like a Domain Admin I have permission and web site work >> >> perfect. >> >> Thanks for help in advance. >> >> >> >> >> > >> > NTFS permissions for Domain Users is: >> > >> > Read & Execute, >> > List Folders Contents, >> > Read >> > >> > But I give Full Permissions of Domain users on NTFS and then Web site >> > again is not permited for domain users. >> > >> > > >  
Other interesting topics
Problems with authenticated users accessing asp's
SetSPN.Exe Exchange relay for Exchange total newb can't access susadmin page SMTP Relaying Help Cannot Create new VS Web Project Wilcard Cert and Site Identifier number IIS 401 - Unauthorized to access the document IIS6 and Authentication across Servers and Domains anonymous user does not work |
|||||||||||||||||||||||
