hi,
i have posted this a week ago, sorry to say that i did not get an answer
yet.
i am asking for some help - i really dont know what to do.
so here is the problem.
i am working with NT authentication and .htaccess.
here is an example of an .htaccess file in one of the directories:
# bbipmon
AuthName "IP Platform - NMCC Restricted Area"
AuthGroupFile c:/www/root/.htgroup
AuthType Basic
require group nmccgroup engt nmccadmin ipgroup techsupp
require user mlandes
my .htgroup file looks like this:
nmccadmin: nmccusr
nmccgroup: mlandes shvarulker orend edaya ysasson enebenzhal pkrempel sdahan
ehazak mbernstein oharari mdanziger
engt: nperry sdavidor ashor tcanor afisher rgodric akatz
ipgroup: aberg skortler mofer ayaniv iyellin hdanon npurazani hshitrit
techsupp: etal iivan revron gsimon
swgroup: ekeren gbenami map
crgroup: gdvash smishel aorlansky isaloniki sshulman
remember i use NT authentication so no password file is needed.
problem#1: even before i put in the .htgroup (the list of users were in
the .htaccess file) i am seeing hundreds of
logs that look like this:
[26/Oct/2001:15:13:13 +0200] NT Authentication: Logon denied for user
[26/Oct/2001:15:14:15 +0200] NT Authentication: Logon denied for user
[26/Oct/2001:15:15:19 +0200] NT Authentication: Logon denied for user
[26/Oct/2001:15:16:22 +0200] NT Authentication: Logon denied for user
[26/Oct/2001:15:17:27 +0200] NT Authentication: Logon denied for user
[26/Oct/2001:15:18:30 +0200] NT Authentication: Logon denied for user
now, i have found that the log appears from this reason.
if a user does not login to the server via a login screen and he accesses a
page directly the authentication screen jumps to recieve a username &
password. at that point the server generates this log. of course the user
can access the page after he enteres the username & password.
the next time he refreshes the authentication jumps again and the log is
generated again.
even if he accesses the page like this: http://username:[EMAIL PROTECTED] the
server generates a log.
please observe that the log comes with a blank user.
problem #2: since i put in the .htgroup file users that dial into the
company and try to access my server cant. only if i put there name in the
.htaccess specificaly (require user) instead of require group it work.
while in the company they can access freely (after username & password of
course) even if his name is only in the .htgroup file.
the first problem is urgent since it is filling my server.log file.
the server has no access to the external internet.
please, any help will be very much appreciated.
thanks
--
Greetings,
Moti Landes
Department Manager
Network Management & Control Center
Barak ITC Israel
Email: [EMAIL PROTECTED]
EmailExpress: [EMAIL PROTECTED]
GSM phone +97254841108
ICQ Web-Page: http://wwp.icq.com/5758051
--------------------------------------------------------------------------------
For unsubscription of this list send an email to [EMAIL PROTECTED] with email
data containing unsubscribe emailadd sambar
