|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IWA with multiple ADHi, have a site on IIS 6.0 configured using IWA only, becaues that site will
grab user's logon information to keep track it. people in same AD with IIS server logon fine with no issues. people in other AD (same domain tree, sibling domains) got 401 error. while those users in sibling domain can access that IIS box through netbios, etc, just fine. (because there is trust between those domains). any thought on how to get it fixed? any idea are greatly appreciated. thanks. Tao Are the user's supplying their user-principal-name, or Domain\User as their
username? IIS 6.0 does not check all trusted domains by default. Cheers Ken Show quoteHide quote "Tao Tao" <Tao T**@discussions.microsoft.com> wrote in message news:7AE1B25E-47B8-444E-A1A7-8CC7F8F96373@microsoft.com... : Hi, have a site on IIS 6.0 configured using IWA only, becaues that site will : grab user's logon information to keep track it. : : people in same AD with IIS server logon fine with no issues. people in other : AD (same domain tree, sibling domains) got 401 error. while those users in : sibling domain can access that IIS box through netbios, etc, just fine. : (because there is trust between those domains). : : any thought on how to get it fixed? any idea are greatly appreciated. : : thanks. : : Tao : : thanks, Ken.
the site is added in IE as trusted site, so IE automatically grab the current AD login and submit them. users are not getting prompted for credentials. How can I configure IIS to check against other AD? thanks a lot. Tao Show quoteHide quote "Ken Schaefer" wrote: > Are the user's supplying their user-principal-name, or Domain\User as their > username? IIS 6.0 does not check all trusted domains by default. > > Cheers > Ken > > -- > Blog: www.adopenstatic.com/cs/blogs/ken/ > Web: www.adopenstatic.com > > > "Tao Tao" <Tao T**@discussions.microsoft.com> wrote in message > news:7AE1B25E-47B8-444E-A1A7-8CC7F8F96373@microsoft.com... > : Hi, have a site on IIS 6.0 configured using IWA only, becaues that site > will > : grab user's logon information to keep track it. > : > : people in same AD with IIS server logon fine with no issues. people in > other > : AD (same domain tree, sibling domains) got 401 error. while those users in > : sibling domain can access that IIS box through netbios, etc, just fine. > : (because there is trust between those domains). > : > : any thought on how to get it fixed? any idea are greatly appreciated. > : > : thanks. > : > : Tao > : > : > > > IIS will automatically check against the domain that it is in (and trusted
domains if the domain is supplied as part of the credentials). Can you post the relevant IIS logfile entries for the requests in question? Cheers Ken Show quoteHide quote "Tao Tao" <Tao***@discussions.microsoft.com> wrote in message news:E6E17C5B-2FE3-45ED-9FBA-B2AB5A8CFABC@microsoft.com... : thanks, Ken. : : the site is added in IE as trusted site, so IE automatically grab the : current AD login and submit them. users are not getting prompted for : credentials. : : How can I configure IIS to check against other AD? : : thanks a lot. : : Tao : : "Ken Schaefer" wrote: : : > Are the user's supplying their user-principal-name, or Domain\User as their : > username? IIS 6.0 does not check all trusted domains by default. : > : > Cheers : > Ken : > : > -- : > Blog: www.adopenstatic.com/cs/blogs/ken/ : > Web: www.adopenstatic.com : > : > : > "Tao Tao" <Tao T**@discussions.microsoft.com> wrote in message : > news:7AE1B25E-47B8-444E-A1A7-8CC7F8F96373@microsoft.com... : > : Hi, have a site on IIS 6.0 configured using IWA only, becaues that site : > will : > : grab user's logon information to keep track it. : > : : > : people in same AD with IIS server logon fine with no issues. people in : > other : > : AD (same domain tree, sibling domains) got 401 error. while those users in : > : sibling domain can access that IIS box through netbios, etc, just fine. : > : (because there is trust between those domains). : > : : > : any thought on how to get it fixed? any idea are greatly appreciated. : > : : > : thanks. : > : : > : Tao : > : : > : : > : > : > 
Other interesting topics
Administrator 401.1 after SP1
UrlScan.dll Terminating IIS folder structure and security. Re: Does Http.sys block all mobile device requests? SelfSSL Utility - Not working? SharePoint password prompting webdav prompts for second password Why is iis6.log on an XP home machine? FSO exploit Service Principal Name Confusion |
|||||||||||||||||||||||
