That must be the problem, I'm seeing NTLM as the authentication package. I've
tried some things from your security briefs, but the package is still NTLM...
"Dominick Baier [DevelopMentor]" wrote:
> Hello Paul,
>
> as long as there is a path of trust between all parties - this should work.
>
> Make sure that Kerberos is used between browser and web server, e.g. by inspecting
> the security log - you should see a log on event for the client - the authentication
> package has to be Kerberos (instead of NTLM) - or use a sniffer like
www.ethereal.com > so see if Kerberos Service Ticket Requests are being made. For delegation
> to work you need Kerb auth all the way through.
>
> read more here:
>
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx > ---------------------------------------
> Dominick Baier - DevelopMentor
>
http://www.leastprivilege.com >
> > Hi, I've already posted this in a different group, but I've received
> > no reponses...
> >
> > -------
> >
> > I have some load balanced IIS servers, which get content and .NET
> > applications from clustered file servers using UNC shares. The content
> > within the shares are secured using NTFS file permissions. I've turned
> > on delegation so that the IIS servers are allowed to delegate to the
> > file servers, and this is working.
> >
> > We have a seperate (but trusted) domain, users from this domain have
> > also been granted rights to the files on the file servers, however
> > they are being denied access to the content through the IIS servers. I
> > can only assume that the delegation is only working for users which
> > are on the same domain as the servers?
> >
> > If it is not possible, this will seriously mess up how some of our
> > applications work... so I'm hoping someone has a solution.
> >
>
>
