At 06:00 PM 12/19/01 -0500, you wrote:
>"Uggar" <[EMAIL PROTECTED]> wrote:
> >
> >"NetWin Support Auckland" <[EMAIL PROTECTED]> wrote:
> >>> Is it possible to authenticate users against the existing NT accounts on
> >>the NT(2000) DOMAIN. I know there are external modules like ntauth which
> >>> probably do that. But to be frank, the documentaion is not upto the mark.
> >>Can someone please help me how to use the module
> >>> and any security issues involved. The machine I am running is part of the
> >>domain and I would like users to authenticate using their NT Domain
> >>username/password.
> >>
> >>Hi,
> >>
> >>With NT authentication, you have a choice to either using NTAuth, or
> getting
> >>dnews to authenticate with NT directly.
> >>
> >>When using $lookup$ entries to look up username and passwords, dnews will
> >>check against the local system for authentication. If you need to
> >>authenticate against a domain, you can add the following to dnews.conf
> >>
> >> nt_domain domain
> >>
> >>(This can be a list of domains)
> >>
> >>And then, users can authenticate using their domain login 'user@domain' and
> >>their normal password.
> >>
> >>The documentation for external authentication modules can be found here -
> >>
> >> http://netwinsite.com/dmail/user.htm#external_authentication
> >>
> >>As you note, this documentation is presently not very extensive. I believe
> >>this documentation is about to be restructured and separated from the dmail
> >>manual. I will suggest the documentation be improved when this occurs.
> >>
> >>- Roydon L.
> >>
> >>
> >
> >I put the following in dnews.conf:
> >
> >auth_spawn d:\dnews\ntauth.exe
> >nt_domain <my-nt-domain-name>
> >
> >and did Tellnews->Reload and
> >tried logging in as user@<my-nt-domain-name> and gave the domain password.
> >Got 502 Authentication Error. I am trying only via
> >dnewsweb. In dnewsweb.ini I have put "require_login true"
> >so that I am forced to login. When I create the user in user.dat
> >I can login without any problem. But I want to login using NT domain userid
> >& password. PLease advise.
> >Note: I also tried by removing the auth_spawn "d:\dnews\ntauth.exe" line
> from
> >dnews.conf and got
> >the same error ( code 502 ).
> >
> >Thanks,
> >Uggar
> >
> >
>
>More....
>
>Just to let know that I am able to authenticate against the local users on
>the NT machine on which I am running the dnews, but not against the NT
>domain of which this machine is a member.
Ahh, ok, first there are 'two' ways to authenticate to NT domains, dnews
has a built in
mechanism, and you can also use the ntauth module, either should be
workable, but you
are mixing the settings a bit so thats probably not ideal (it may work but
it will be
confusing :-)
So first remove the auth_spawn setting.
Second modify the dnews service so it's running as a user who has
sufficient rights
to do user lookups (act as part of the system etc) on the domain controller
Then try again.
Failing that get back to me.
ChrisP.
