Jeremy
> I have created a webmodule that reads info in files in a dir.
> Now, this dir. is on a an NT Backup Domain Controller machine that I have
> given everyone Full access to.
> When I try to read it, I do a IF Direcotryexists() and it returns false.
> So I pass the full UNC to the DIR, and still I get False. I have also made
a
> share for the dir to, and done all the above again, and still false.
[...]
> SO, does anyone know WHY I have this problem?
The "why" has to do with the way "challenge/response" hash tokens get
passed around when NT boxes try to authenticate one another.
Assume IIS is running on box1 your dir is on box2 and the IIS
"anonymous" user name is IUSR_box1.
When your module tries to access the share on box2, box2
sends a random token for the box1 to encrypt using the password hash
it has for the current user (i.e. IUSR_box1 the one it is "impersonating".
Box1 does that and sends it back to the box2, who checks
if it can get the token back using the hash it has in it's SAM. The
problem (I think) is that the IUSR_box1 user is not known in that SAM
database, so the hashed token doesn't "unhash" and the authentication
attempt fails.
One of the following should fix it:
1. Make IUSR_box1 a DOMAIN user instead of a local user on box1.
(i.e. delete the local account from box1 and create a new user
on the domain controller - then fix up the IIS config to use this new
domain account as the "impersonation" account for anonymous
access. Make sure your new user has "logon locally" and
"network access" permissions.
-or-
2. Create a user IUSR_box1 on box2 and make sure it has the
same password as the local IUSR_box1 on box1. In this
case I think the IUSR_box1 user on box2 doesn't
need "logon locally" permission, only "network access".
-or- (this is a longshot, so i hope one of the above works)
3. Create a share for the shared resource and map a drive
to the share on the IIS machine. Then reference the
resource using Z:\path\filename instead of the UNC
path.
This problem, and variations of it, drove me completely up the
wall when I first ran into it.
good luck
-ns
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
To UnSub, send email to: [EMAIL PROTECTED]
with body of "unsubscribe delphi"
