Re: Authentication troubles

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/23/04

    Date: Tue, 23 Mar 2004 14:04:02 +1100
    
    

    a) NTLM v2 authentication does not work through most proxy servers, because
    it requires an open end-to-end connection between server and client for a
    couple of back-and-forward messages. If there is a proxy server between him
    and your server, NTLM v2 authentication will most likely fail.

    b) Ensure that he is including the appropriate Domain Name in the user
    credentials: Domain\Username, otherwise IIS will use the local machine, i.e.
    assume that the user wants WebServerName\UserName which may not be a valid
    account.

    Cheers
    Ken

    "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
    news:%232d11lGEEHA.2908@TK2MSFTNGP09.phx.gbl...
    : I have a web folder setup on IIS 5 on Win 2K server. The authentication
    : level is set to Integrated Windows Authentication, and I do not allow
    : anonymous access. It wouldn't matter if I did, because the folder and its
    : contents have specific NTFS permissions. This has been working well for all
    : clients accessing it until now.
    :
    : One client is running Win 98 SE with IE 5.5 SP2 - current on all patches.
    : When the user tries to connect from that machine using IE, he gets prompted
    : three times for a username and password, then it gives the "You are not
    : authorized to view this page" message in IE. When he tries to add the web
    : folder in Windows Explorer, he gets prompted three times, then gets the
    : message, "You do not have permission to access this web folder location."
    : All I get in the IIS log is a 401 entry, but no error messages or indication
    : of what is happening.
    :
    : When I switch the authentication to Basic, he is able to logon just fine.
    : It appears that the username is not being received correctly by IIS because
    : he is not able to lock out the account after enough tries with an
    : intentionally wrong password (but it can be done by a client that is able to
    : logon normally).
    :
    : He is running Roadrunner-provided hi-speed internet with Norton Personal
    : Firewall. He has tried with the firewall software disabled, but that did
    : not work. I have verified that the server will accept LM, NTLM, and NTLM
    : v.2 requests. I have verified his IE Security and Advanced settings with a
    : similar client that is able to logon correctly. I am running out of ideas.
    : The only thing I can figure is that Roadrunner may have something in their
    : setup that is not allowing this to function - but that seems like a
    : longshot.
    :
    : Although I have found several posts dealing with Integrated Windows
    : Authentication and logon failures, I have not found any that solve or
    : explain my circumstance. Any help would be greatly appreciated.
    :
    : One side note about the IIS logs - when it logs his attempt to connect,
    : his client information is listed as
    : (compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the T312461
    : because it doesn't show up on any other clients that I've seen, even if they
    : are current on MS patches. It does not appear to be part of the
    : authentication problem, but I'm including it just in case it sticks out to
    : someone.
    :
    : Thanks for your help,
    : Jerry
    :
    :
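
Point (b) of the reply can be checked from the client's final `Authorization: NTLM ...` header, if one can be captured in a network trace (an assumption; the IIS log quoted above does not contain it). The following is an added example, not part of the original thread: it decodes the Type 3 message and reports the domain, user name and response type the client sent. The names `EXAMPLEDOM`, `jsmith` and `WIN98PC` are placeholders and the sample messages are constructed.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set, OEM otherwise

def _buffer(msg, pos):
    """Return the bytes a (length, max length, offset) field points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def parse_type3(header_value):
    """Decode 'NTLM <base64>' and return the names the client supplied."""
    scheme, _, token = header_value.strip().partition(" ")
    msg = base64.b64decode(token)
    if scheme.upper() != "NTLM" or len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLM message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not a Type 3 (authenticate) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # cp437 stands in for the client's OEM code page (assumption).
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    nt_len = len(_buffer(msg, 20))
    kind = "NTLM v2" if nt_len > 24 else "NTLM v1" if nt_len == 24 else "LM only"
    return {"domain": _buffer(msg, 28).decode(enc),
            "user": _buffer(msg, 36).decode(enc),
            "workstation": _buffer(msg, 44).decode(enc),
            "response": kind}

def build_sample(domain, user, workstation, nt_response):
    """Constructed Type 3 message for the demonstration, not a captured one."""
    parts = [bytes(24), nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]
    header, body, offset = SIGNATURE + struct.pack("<I", 3), b"", 64
    for part in parts:
        header += struct.pack("<HHI", len(part), len(part), offset)
        body += part
        offset += len(part)
    msg = header + struct.pack("<I", NEGOTIATE_UNICODE) + body
    return "NTLM " + base64.b64encode(msg).decode("ascii")

if __name__ == "__main__":
    # Placeholder names; the second client sends no domain, as in point (b).
    for dom, resp in (("EXAMPLEDOM", bytes(24)), ("", b"")):
        print(parse_type3(build_sample(dom, "jsmith", "WIN98PC", resp)))
```

An empty `domain` in the decoded message is the case point (b) describes, where the server falls back to its local account database.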

