At 10:51 27-10-01, you wrote:
>-- > >Greetings, > > Moti Landes > Department Manager > Network Management & Control Center > Barak ITC Israel > Email: [EMAIL PROTECTED] > EmailExpress: [EMAIL PROTECTED] > GSM phone +97254841108 > ICQ Web-Page: http://wwp.icq.com/5758051 > >----- Original Message ----- >From: "Moti A. Landes" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Friday, October 26, 2001 3:28 PM >Subject: [sambar] NT authentication problems > > > > hi, > > i have posted this a week ago, sorry to say that i did not get an answer > > yet. > > i am asking for some help - i really dont know what to do. > > so here is the problem. > > > > i am working with NT authentication and .htaccess. > > here is an example of an .htaccess file in one of the directories: > > # bbipmon > > AuthName "IP Platform - NMCC Restricted Area" > > AuthGroupFile c:/www/root/.htgroup You're working with NTAuth and you're specifying a group file. So what should Sambar do here??? NTAuth has it's own groups. What you're doing is overriding NTAuth and expecting Sambar to take the alternate groups and but the NT userbase. If it could do it, without bitching it would simply be surpressing loglines, nothing else. You started the whole idea incorrect: -- NT Authentication has an extensive group/user permission layer, to grant users and groups certain privileges -- NT Auth _support_ in Sambar is provided, not because it allows you 'no password' logins as you state below, but to integrate the existing structure into a webservices environment. Similar to what Exchange/Outlook Webmail does with access to these poor excuses for discussion groups that MS calls 'public folders'. I'm just guessing here, but I think you needed the NT Auth perl script to write this group file - so you're copying the existing strucure. Why not change you're NT Auth domain?? I think that'll do the trick. I haven't used the NT Auth support, so I have no idea how this works in Sambar and I must say that the documentation is a little slim or I'm looking in the wrong places. Maybe somebody else here can clarify that or Tod can update the docs. So - what the real question here is: "How can I use the Groups and Users from another NT Server or from the Domain Controller?" Anyone? > > AuthType Basic > > require group nmccgroup engt nmccadmin ipgroup techsupp > > require user mlandes > > > > remember i use NT authentication so no password file is needed. > > > > problem#1: even before i put in the .htgroup (the list of users were in > > the .htaccess file) i am seeing hundreds of > > logs that look like this: > > > > [26/Oct/2001:15:13:13 +0200] NT Authentication: Logon denied for user > > [26/Oct/2001:15:14:15 +0200] NT Authentication: Logon denied for user > > [26/Oct/2001:15:15:19 +0200] NT Authentication: Logon denied for user > > [26/Oct/2001:15:16:22 +0200] NT Authentication: Logon denied for user > > [26/Oct/2001:15:17:27 +0200] NT Authentication: Logon denied for user > > [26/Oct/2001:15:18:30 +0200] NT Authentication: Logon denied for user > > > > problem #2: since i put in the .htgroup file users that dial into the > > company and try to access my server cant. only if i put there name in the > > .htaccess specificaly (require user) instead of require group it work. > > while in the company they can access freely (after username & password of > > course) even if his name is only in the .htgroup file. That sounds like too much NT Auth internals for me, apart from the fact that the group file is causing problem number 1. Sounds like Alex's expertise, to rephrase it: "Do 'dial-in' users have a different NT Auth Domain or primary group then when logged on locally?" ____________________________________________________ </MELVYN> void wakeup() { for(long int cuppajava;drink();cuppajava++); } -------------------------------------------------------------------------------- For unsubscription of this list send an email to [EMAIL PROTECTED] with email data containing unsubscribe emailadd sambar
