Re: Azman: AzAuthorizationStoreClass.Initialize

What is the account that is used to run azman? Does ADAM live on the same
machine or different machine?

--
Dmitri Gavrilov
SDE, DS Admin eXperience

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"mwr" <mwr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:11A07BF7-2D74-4171-AC17-2A2EBE10697B@xxxxxxxxxxxxxxxx
> the impersonation is working without problems
> the. The service account we are using to do impersonation
> is in the Admintrator role. in ADAM
>
> I add to the serice account to the reader role in ADAM.
> Made no difference same error. Access Denied on Initialize
>
> Running XP2 SP2 and Server 2003 SP1.
> Posted this in the DotNetSecurity newsgroup
>
> "Dustin" wrote:
>
>> mwr,
>> Make sure of a couple things..
>>
>> make sure to have <identity impersonate='true' />
>> and MOST IMPORTANTLY !!!
>>
>> <deny users="?" />
>>
>> Since your Using AzMan. Its Recommended that you also use a Network
>> Service
>> account that your application impersonates as.
>>
>> Another thing you can try,
>>
>> Make sure in your Roles under AzMan. The account your impersonating as is
>> in
>> the Readers Role. And Administrators Role.
>>
>>
>> "mwr" wrote:
>>
>> > I thought you might say that, but wasnt sure what newsgroup to try.
>> > Its basically the permissions that the
>> > Microsoft.Interop.security.AzRoles.dll
>> > needs to Intialize the application store in ADAM
>> >
>> > "Joe Kaplan (MVP - ADSI)" wrote:
>> >
>> > > You might want to try one of the programming oriented newsgroups like
>> > > ms.public.dotnet.security,ms.pub.dotnet.framework.aspnet.security or
>> > > ms.pub.platformsdk.security.
>> > >
>> > > Joe K.
>> > >
>> > > "mwr" <mwr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > > news:447FAFBF-BFC5-439C-BE82-7AF94259846B@xxxxxxxxxxxxxxxx
>> > > >I am calling AzAuthorizationStoreClass.Initialize
>> > > > and i am getting an access denied. My app is an
>> > > > asp.net and i am doing impersonation. The 'Initialize'
>> > > > method works if i add the user acount doing the impersonation
>> > > > to the admininistrator group on the local machine
>> > > > but fails otherwise.
>> > > >
>> > > > I dont want to have to make the account doing the
>> > > > impersonation and admin of the box. What permissions
>> > > > do i need to set in order for the method call to succeed
>> > > > without being an admin of the box.
>> > > >
>> > > >
>> > >
>> > >
>> > >


.

Relevant Pages

  • Re: Azman: AzAuthorizationStoreClass.Initialize
    ... The service account we are using to do impersonation ... I add to the serice account to the reader role in ADAM. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Azman: AzAuthorizationStoreClass.Initialize
    ... account that your application impersonates as. ... Make sure in your Roles under AzMan. ... "mwr" wrote: ... >>> impersonation and admin of the box. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Azman: AzAuthorizationStoreClass.Initialize
    ... ADAM on the WinServer 2003 box. ... I had a service account created and we are doing an impersonation. ... in ADAM and thru azman. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM and Windows Address Book
    ... credentials instead of a fixed service account. ... it is a special LDAP control supported by AD and ADAM ... If I couldn't make it work for WAB, ... credentials in the WAB settings in order to authenticate. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM SP1 on Win2K3 SP1
    ... To use a domain user account as the ADAM service account for SSL communication, I have to request server authentication certificate using that account. ...
    (microsoft.public.windows.server.active_directory)