Integrated authentication across domains

on 08.11.2007 22:16:23 by jonas.berling

Hi!

Our intranet is running IIS6 on Win2k3 and is using Windows Integrated
Authentication without SSL. It is working perfectly as long as the
users are on the same domain as the server.

The company has opened a new office abroad and staff from this office
are on a different domain. We would now want them to be able to access
our intranet over some leased lines and we have opened up the
firewalls accordingly. The users abroad are running IE6 and their IT
admin has set our domain into their browser's intranet zone.

The users can contact the server and are prompted for their login and
password and that's how it should be. They enter \Login and
their password and press enter. The strange thing is that now nothing
more happens. The browsers appear to be loading some data but nothing
appears on the screen, it just stays white. There is no error message
and there is nothing in either the server's event log or its web
server log and it just stays like this "forever". The user's browser
says "intranet" in the bottom right corner, so it appears to have got that
one straight.

What could be the problem? Do we have to use SSL? Could it be some
strange setup in the firewalls - the web server is on port 80 and that
is what is opened in the firewalls. Suggestions, anyone?


Regards,

Jonas

Re: Integrated authentication across domains

on 09.11.2007 16:18:35 by DaveMo

Hello Jonas,

What domain are they using when the user types their creds? Their
domain or the domain of the resource? Is there a trust established
between the domains?

I would use netmon and see what is going on at the network layer. This
doesn't sound like any kind of behavior I've ever seen that could be
caused by an authentication issue.

HTH,
Dave
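
Added example, not part of the original thread: because the site uses Integrated Authentication over plain HTTP on port 80, the `Authorization` header seen in a network capture can be decoded to show which NTLM message the browser sent and which domain the user presented. The function names and the sample values BRANCH, jdoe and PC01 are constructed for illustration.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001

def _field(msg, pos):
    """Return the bytes a security buffer (len, maxlen, offset) points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_authorization(header_value):
    """Decode the value of an 'Authorization: NTLM|Negotiate <base64>' header."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme not in ("NTLM", "Negotiate"):
        raise ValueError("not an integrated-authentication header")
    msg = base64.b64decode(blob.strip(), validate=True)
    if msg[:8] != b"NTLMSSP\x00":
        # Negotiate can carry an SPNEGO/Kerberos token instead of raw NTLMSSP.
        return {"scheme": scheme, "type": None}
    (mtype,) = struct.unpack_from("<I", msg, 8)
    info = {"scheme": scheme, "type": mtype}
    if mtype == 3:  # AUTHENTICATE: names travel unencrypted
        (flags,) = struct.unpack_from("<I", msg, 60)
        # cp437 as the OEM code page is an assumption for non-Unicode clients.
        enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
        for key, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
            info[key] = _field(msg, pos).decode(enc)
    return info

def build_constructed_type3(domain, user, host):
    """Constructed sample only: Type 3 layout with empty LM/NT responses."""
    parts = [s.encode("utf-16-le") for s in (domain, user, host)]
    offset, bufs = 64, b""
    for p in parts:
        bufs += struct.pack("<HHI", len(p), len(p), offset)
        offset += len(p)
    empty = struct.pack("<HHI", 0, 0, 64)
    msg = (b"NTLMSSP\x00" + struct.pack("<I", 3) + empty + empty + bufs
           + empty + struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE)
           + b"".join(parts))
    return "NTLM " + base64.b64encode(msg).decode("ascii")

if __name__ == "__main__":
    # BRANCH, jdoe and PC01 are constructed values, not from the thread.
    print(parse_authorization(build_constructed_type3("BRANCH", "jdoe", "PC01")))
```

Run it on header values copied from a capture of the port 80 traffic; a Type 1 with no Type 3 following it means the handshake never completed.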

Re: Integrated authentication across domains

on 09.11.2007 19:31:15 by Consultant

You have to open the ports on your firewall to allow the credentials to be
passed through.


Re: Integrated authentication across domains

on 10.11.2007 08:00:19 by Roger Abell

Let's assume these domains are in one forest.
The IIS machine needs to be able to contact the domain controllers
of the account domain in order to authenticate the requestor.
Are you leveraging the Windows security event log to help you
see what is (not) happening?
