MStrong
09-12-2008, 03:52 PM
Hello all,
I have an odd question, perhaps someone could tell me of a possible solution.
I've created our companies internal web site. There is an area for store managers only. I'm using NTFS file level permissions (we've got a windows domain and domain users) to enact security on specific pages. From a web server perspective, access to all pages is allowed to anonymous user (Iuser_servername blah, blah). When an individual clicks on the link for a protected page, the file level permissions prompt the web page viewer for a username and password. All of that works like a charm. If the individual viewing the page is logged into a domain workstation with credentials allowing him to view the page, Kerberos passes the creds correctly and he's given access, if he is not logged in, he is prompted.
My situation is this. If the user is prompted for creds, and enters simply username and passwords, the web page assumes that the page name (internal.domain.local) is the authoritative realm and attempts to pass security credz to the domain controller as such. This obviously fails, because the domain controllers are authoritative only for the root 'domain.local'.
Is there a way to have the page assume the root domain as the authoritative realm, or will i have to do this from a domain controller level and figure out how to have my DC's become authoritative for internal.domain.local without having to build a new server just to pass along requests (which is not going to happen).
Any advice will be greatly appreciated.
Thank you in advance!!
I have an odd question, perhaps someone could tell me of a possible solution.
I've created our companies internal web site. There is an area for store managers only. I'm using NTFS file level permissions (we've got a windows domain and domain users) to enact security on specific pages. From a web server perspective, access to all pages is allowed to anonymous user (Iuser_servername blah, blah). When an individual clicks on the link for a protected page, the file level permissions prompt the web page viewer for a username and password. All of that works like a charm. If the individual viewing the page is logged into a domain workstation with credentials allowing him to view the page, Kerberos passes the creds correctly and he's given access, if he is not logged in, he is prompted.
My situation is this. If the user is prompted for creds, and enters simply username and passwords, the web page assumes that the page name (internal.domain.local) is the authoritative realm and attempts to pass security credz to the domain controller as such. This obviously fails, because the domain controllers are authoritative only for the root 'domain.local'.
Is there a way to have the page assume the root domain as the authoritative realm, or will i have to do this from a domain controller level and figure out how to have my DC's become authoritative for internal.domain.local without having to build a new server just to pass along requests (which is not going to happen).
Any advice will be greatly appreciated.
Thank you in advance!!