On Dec 5, 9:07 am, "Ben" <b...@nospam.postalias> wrote:
> Hi,
>
> We've got a Wiki setup on one of our member servers (win2003 std edn) for
> providing information to our users. We also have some documentation stored
> on our main file server (also win 2003 std edn), which is usually accessed
> via a mapped drive, i.e. M: = \\server.domain.com\manuals.
>
> So that these documents can be accessed via the Wiki, I've created some
> virtual directories under the wiki, that point to the UNC paths of the
> required shares. However, I'm having problems accessing those virtual
> directories. I can access them fine if I supply a set of generic credentials
> under the 'Connect As' button. However, some of these documents are not for
> everyone, so I want to use the 'Always use the authenticated user's
> credentials...' option. The trouble is, when I select this option, no one
> can access any of the virtual directories, even using the domain admin
> account.
>
> The directory security is set to anonymous access - disabled, Integrated &
> digest - enabled, realm - domain.com. I've noticed that when I try to
> authenticate, the credentials popup auto enters wiki.domain.com\username,
> rather than the usual domain\username, or just username.
>
> Can anyone help, or suggest a way to get authentication working correctly?
>
> Many thanks
>
> Ben

"David Wang" <w3.4you@gmail.com> wrote in message
news:43f1602b-9f4b-4b6a-b204-99b692e68f65@s12g2000prg.googlegroups.com...
> On Dec 5, 9:07 am, "Ben" <b...@nospam.postalias> wrote:
<snip>
>
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx
>
> If you want to use Integrated, you will also need to set up delegation
> for that scenario to work. The reason it does not "just work" is for
> security reasons.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //

> Security Settings > Local Policies > User Rights Management > Enable

On Dec 6, 3:52 am, "Ben" <b...@nospam.postalias> wrote:
> "David Wang" <w3.4...@gmail.com> wrote in message
>
> news:43f1602b-9f4b-4b6a-b204-99b692e68f65@s12g2000prg.googlegroups.com...
>
> > On Dec 5, 9:07 am, "Ben" <b...@nospam.postalias> wrote:
> <snip>
>
> >http://www.microsoft.com/technet/prodtechnol/windowsserver2003/techno...
>
> > If you want to use Integrated, you will also need to set up delegation
> > for that scenario to work. The reason it does not "just work" is for
> > security reasons.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> Hi David,
>
> Thanks for the reply.
>
> I read through the article, but came across an error when performing the
> delegation steps to assign the webserver 'trust this computer for delegation
> to specified services only - use Kerberos only'. When I add the services,
> CIFS & HOST from the file server, then click apply, I get an error: "The
> following Active Directory error occurred: Access is denied".
>
> Having googled around I found a post that said I had to add the 'Enable
> computer and user accounts to be trusted for delegation' user right to the
> default domain controller policy (Computer configuration > Windows Settings
> > Security Settings > Local Policies > User Rights Management > Enable
> computer and user accounts to be trusted for delegation), which I did.
> However, even after running a GPUPDATE /FORCE on the domain controller I
> still get the above error.
>
> Any ideas how to solve the problem? Not sure if this maybe out of your area
> of knowledge, as its an AD problem, rather than IIS, if so I'll post in an
> active directory specific forum.
>
> Thanks again
>
> Ben