Re: IIS and Kerberos problem
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/22/05
- Next message: drazic19: "Re: post 2k to 2003 upgrade"
- Previous message: Ken Schaefer: "Re: back up files"
- In reply to: TechMasters: "IIS and Kerberos problem"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Mar 2005 23:42:18 +1000
a) Check what authentication types are being sent by the server to the
client. You need WWW-Authenticate: Negotiate for Kerberos to work. Use
WFetch or telnet to verify this. WFetch is part of the IIS Resource Kit
Tools which you can download:
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en
b) Ensure that "Enable Integrated Windows Authentication (requires a
restart)" is enabled on the client (Tools -> Internet Options -> Advanced),
so that the IE client uses Kerberos
c) IE will not use Kerberos is the site is in the "Internet" security zone.
So, if the site is accessed by IP address, or FQDN then you will need to add
it to the "Intranet" security zone on your IE clients (either manually,
using script, or using Group Policy)
Cheers
Ken
"TechMasters" <kiosk@comcast.net> wrote in message
news:1v30411gfqaj029tcns65mklvosfv6js6s@4ax.com...
:
:
: I just found out via the security log on the web servers (win2003)
: that my win2k clients are authenticating to the web servers with NTLM
: vs. Kerberos. Web servers and clients are all part of a win2k based
: native domain and the web site is set for Windows Authentication
: only....however the security log on the web server clearly shows NTLM
: as authentication instead of kerberos....any ideas??
- Next message: drazic19: "Re: post 2k to 2003 upgrade"
- Previous message: Ken Schaefer: "Re: back up files"
- In reply to: TechMasters: "IIS and Kerberos problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
