1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Authentication with AD, NT4.0 and IIS

Discussion in 'Windows Server System' started by budfoot, 2006/01/06.

  1. 2006/01/06
    budfoot

    budfoot Inactive Thread Starter

    Joined:
    2006/01/06
    Messages:
    2
    Likes Received:
    0
    I'm having a problem.

    I have a web app on a windows 2003 server (sp1) that is part of an AD domain.

    I have users in a NT 4.0 domain that are trying to access the website via Windows Authentication.

    Windows Auth works fine for AD users. Not so much for the 4.0 users.

    LMHost files on 4.0 PDC point at the PDC emulator of the AD domain.
    LMHost on the IIS server has an entry for the 4.0 PDC and the #DOM tag.

    I can map a network drive to the NT 4.0 domain server (IPC) from the web server using the net use command and specifying the 4.0 domain user account.

    Now, when i try to browse the web app from a 4.0 user's machine, i get:

    "No authority could be contacted for authentication "

    Any ideas?

    I also wanted to add, this is happening with both DNS names and IP addresses.
     
    Last edited: 2006/01/06
    budfoot,
    #1
  2. 2006/01/09
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I think you will need to set up a trust relationship between the NT4 domain and the AD. The trust need only be one way (AD trusts NT4 users). You may also have to set up permissions on the application folders for an NT4 user group.
     
    ReggieB,
    #2


  3. to hide this advert.

  4. 2006/01/09
    budfoot

    budfoot Inactive Thread Starter

    Joined:
    2006/01/06
    Messages:
    2
    Likes Received:
    0
    Sorry, i should have added that.

    We have a two way trust going between the two.
     
    budfoot,
    #3
  5. 2006/01/10
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I can't find any specific note on NT4 permissions in 2003 IIS documentation in my "library ".

    From what I have found it should be NTFS permissions controlling access in your set up (rather than using web permissions). Therefore, I'd look at your file access rights on the files being published by the IIS service. You will need an explicit rule that allows access to a group containing the NT4 users.

    I'm not sure what you mean by this, but it might be worth pointing out that authentication for NT4 was a NetBIOS process and therefore worked with Microsoft Domains. These are different to DNS domains. I think using a DNS domain name as part of an NT4 log on may be taking you up a blind alley.

    Have you tried using the domain specific login. That is rather than entering:

    • username

    Try using

    • domainname\username

    By the way, I can never remember the direction of the slash for this. It may be domainname/username
     
    ReggieB,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...