[WEB4LIB] basic authentication problem with IIS4?

Glen Davies glen at rimu.cce.ac.nz
Mon Mar 8 18:59:20 EST 1999 

Hi again

I will answer part of my own question here. I did a bit more digging 
and came up with an IIS registry entry that changes the rights 
required from logon locally to access via network. You just add a 
new DWORD value to the preferences section of the IIS service 
called LogonMethod. Default value of 0 requires Logon locally, 1 
requires logon as batch job and 2 is access via net
work. 
This means a user just needs rights to access the computer via 
the network, and not to log on locally. It seems to work.

Now my only problems is I don't seem to be able to get users from 
another domain to access restricted resources with basic 
authentication. Users from our Library domain can access 
restricted files and folders ok, but users from our Labs domain 
can't, even though Library and Labs have a trusted/trusting 
relationship, and I have given the labs users rights to access the 
IIS computer from the network and granted them NTFS rights to the 
restricted files. I can get it to work with NT challenge and response 
and putting labs\  before the username, but the majority of our 
users are on Netscape so I would rather have it working with basic 
authentication. Any clues any one?  

Regards
Glen

> Greeting and salutations
> 
> We are wanting to restrict access to some resources via basic 
> authentication on IIS4. We want to use exisiting NTFS permissions 
> to do this, ie. Students have NT login rights to certain lab 
> directories already and we want to just have these same rights 
> carry over to IIS. The problem is that it appears that the only way a 
> user can get access to an restricted resource via IIS is if the user 
> id they use has rights to log on locally to the server involved. None 
> of the documentation I have looked at about IIS secruity has 
> mentioned this, I came to this conclusion by adding and removing 
> permissions until I got it to work.
> We don't want to have to give all the student groups rights to logon 
> locally to the server for obvious reasons, so if anybody has the low 
> down on getting IIS basic authentication to work some other way I 
> would be grateful. 
> 
> Regards
> Glen
> ********************************************
> Glen Davies
> IT Librarian
> Christchurch College of Education
> Dovedale Ave
> Christchurch
> Ph. 64-3-343 7737
> glen at rimu.cce.ac.nz
> http://lib.cce.ac.nz
> ************************************************
> A man's life consisteth not in the abundance
> of the things which he possesseth (Luke 12:15)
> ************************************************

More information about the Web4lib mailing list