> i think i was misunderstood.
> i use the NT authentication because all the users in the company have a
> network username & password and i dont want them to have another set of
> username & passwords for this specific server.
> it is working fine as soon as i set NT authentication to true so beforming
> login is checked with the domain admin server of the internal network.
> NOW why do i put .htaccess - that is to block unloggined users to access
the
> directory.
> i have many pages on the server, each page has another level of priority
so
> this is done easy with .htaccess.
> FORGET about thge .htgroup for the time bieng it is not relevant to the
> problem.
> at this point i am getting many logs.
> i have pin pointed and seen that if a user opens his WS and tries to
access
> a page, the sambar server will greet him with a username & password
screen,
> at this point the log is generated.
> i think the log is generated prepeture, because it is onlt suposed to log
> failures and not when somebody is simply wanting to access a page, and he
> has not put in the username&password yet.
> PLEASE help.
> thanks
>
> --
>
> Greetings,
>
> Moti Landes
> Department Manager
> Network Management & Control Center
> Barak ITC Israel
> Email: [EMAIL PROTECTED]
> EmailExpress: [EMAIL PROTECTED]
> GSM phone +97254841108
> ICQ Web-Page: http://wwp.icq.com/5758051
>
> ----- Original Message -----
> From: "Melvyn Sopacua" <[EMAIL PROTECTED]>
> To: "Moti A. Landes" <[EMAIL PROTECTED]>
> Cc: "Sambarlist" <[EMAIL PROTECTED]>
> Sent: Saturday, October 27, 2001 1:54 PM
> Subject: Re: Fw: [sambar] NT authentication problems
>
>
> > At 10:51 27-10-01, you wrote:
> >
> >
> > >--
> > >
> > >Greetings,
> > >
> > > Moti Landes
> > > Department Manager
> > > Network Management & Control Center
> > > Barak ITC Israel
> > > Email: [EMAIL PROTECTED]
> > > EmailExpress: [EMAIL PROTECTED]
> > > GSM phone +97254841108
> > > ICQ Web-Page: http://wwp.icq.com/5758051
> > >
> > >----- Original Message -----
> > >From: "Moti A. Landes" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Friday, October 26, 2001 3:28 PM
> > >Subject: [sambar] NT authentication problems
> > >
> > >
> > > > hi,
> > > > i have posted this a week ago, sorry to say that i did not get an
> answer
> > > > yet.
> > > > i am asking for some help - i really dont know what to do.
> > > > so here is the problem.
> > > >
> > > > i am working with NT authentication and .htaccess.
> > > > here is an example of an .htaccess file in one of the directories:
> > > > # bbipmon
> > > > AuthName "IP Platform - NMCC Restricted Area"
> > > > AuthGroupFile c:/www/root/.htgroup
> >
> > You're working with NTAuth and you're specifying a group file. So what
> should
> > Sambar do here??? NTAuth has it's own groups. What you're doing is
> overriding
> > NTAuth and expecting Sambar to take the alternate groups and but the NT
> > userbase. If it could do it, without bitching it would simply be
> > surpressing loglines,
> > nothing else.
> >
> > You started the whole idea incorrect:
> > -- NT Authentication has an extensive group/user permission layer, to
> grant
> > users
> > and groups certain privileges
> > -- NT Auth _support_ in Sambar is provided, not because it allows you
'no
> > password'
> > logins as you state below, but to integrate the existing structure into
a
> > webservices
> > environment. Similar to what Exchange/Outlook Webmail does with access
to
> these
> > poor excuses for discussion groups that MS calls 'public folders'.
> >
> > I'm just guessing here, but I think you needed the NT Auth perl script
to
> > write this
> > group file - so you're copying the existing strucure. Why not change
> you're
> > NT Auth
> > domain?? I think that'll do the trick. I haven't used the NT Auth
support,
> > so I have
> > no idea how this works in Sambar and I must say that the documentation
is
> a
> > little
> > slim or I'm looking in the wrong places. Maybe somebody else here can
> > clarify that
> > or Tod can update the docs.
> >
> > So - what the real question here is:
> > "How can I use the Groups and Users from another NT Server or from the
> Domain
> > Controller?"
> >
> > Anyone?
> >
> > > > AuthType Basic
> > > > require group nmccgroup engt nmccadmin ipgroup techsupp
> > > > require user mlandes
> > > >
> > > > remember i use NT authentication so no password file is needed.
> > > >
> > > > problem#1: even before i put in the .htgroup (the list of users
> were in
> > > > the .htaccess file) i am seeing hundreds of
> > > > logs that look like this:
> > > >
> > > > [26/Oct/2001:15:13:13 +0200] NT Authentication: Logon denied for
user
> > > > [26/Oct/2001:15:14:15 +0200] NT Authentication: Logon denied for
user
> > > > [26/Oct/2001:15:15:19 +0200] NT Authentication: Logon denied for
user
> > > > [26/Oct/2001:15:16:22 +0200] NT Authentication: Logon denied for
user
> > > > [26/Oct/2001:15:17:27 +0200] NT Authentication: Logon denied for
user
> > > > [26/Oct/2001:15:18:30 +0200] NT Authentication: Logon denied for
user
> > > >
> > > > problem #2: since i put in the .htgroup file users that dial into
the
> > > > company and try to access my server cant. only if i put there name
in
> the
> > > > .htaccess specificaly (require user) instead of require group it
work.
> > > > while in the company they can access freely (after username &
password
> of
> > > > course) even if his name is only in the .htgroup file.
> >
> > That sounds like too much NT Auth internals for me, apart from the fact
> that
> > the group file is causing problem number 1.
> > Sounds like Alex's expertise, to rephrase it:
> >
> > "Do 'dial-in' users have a different NT Auth Domain or primary group
then
> when
> > logged on locally?"
> >
> >
> > ____________________________________________________
> >
> > </MELVYN>
> >
> > void wakeup()
> > {
> > for(long int cuppajava;drink();cuppajava++);
> > }
> >
>
> --------------------------------------------------------------------------
> ------
> > For unsubscription of this list send an email to [EMAIL PROTECTED]
with
> email
> > data containing unsubscribe emailadd sambar
>
--------------------------------------------------------------------------------
For unsubscription of this list send an email to [EMAIL PROTECTED] with email
data containing unsubscribe emailadd sambar
