http://server1 is pointing to \\server2\homedrives<file:///\\server2\homedrives>
so i want users to be able to go to the url and type in their username and password and get access to their home folder but i get the credentials error if i change the path to \\server1\share<file:///\\server1\share> as a test, it works fine. From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Thursday, 13 March 2008 6:39 PM To: NT System Admin Issues Subject: RE: IIS 6 Redirection From: Greg Mulholland [mailto:[EMAIL PROTECTED] Sent: Thursday, 13 March 2008 5:53 PM To: NT System Admin Issues Subject: RE: IIS 6 Redirection Youda man I'm actually trying to host a website on a server and redirect in iis to a share on another server ie \\server2\share Again - what do you mean by "redirect"?!? If you mean http://servername exists on server1, and http://servername/folder gets its content from \\server2\share then all you need is a virtual directory, and map that back to the second server. There's no "redirection" involved here. All you are doing is telling IIS to get the content for a virtual directory from a UNC path rather than a local path. I think with the ntlm permissions its not going to work unless i go with digest or anonymous which i sure as hell don't want to. This doesn't make sense. What are you trying to do? Here are some options: a) Users don't need to authenticate - use anonymous auth, and a fixed identity to connect to the UNC share b) Users need to authenticate to server1, but should all have access to files on server2 - enable whatever AuthN mechanism you want on Server1, but use a fixed identity to connect to server2 c) Users need to authenticate to Server1, but their individual credentials need to flow through to Server2. In this case you have a couple of options: a. Use Basic AuthN (with SSL/TLS to secure credentials in transit) b. Use Kerberos AuthN and delegation to Server2 c. Use Digest/NTLM authN to Server1 and protocol transition to enable Kerberos back to Server2 Go to this link: http://www.adopenstatic.com/cs/blogs/ken/archive/2007/07/19/8460.aspx (IIS and Kerberos Part 5 - Protocol Transition, Constrained Delegation, S4U2S and S4U2P) Which has links to the other 4 parts on how Kerberos and IIS work, and how to get Delegation etc working If you need to use IIS 7.0, then go to Part 6 which has changes in IIS 7.0/Windows Server 2008 Cheers Ken The simplest way i can figure it is to setup the website on server2 and use ntlm that way.. What i am really trying to is give users access to their home drives through IIS. Maybe IIS is not the best way to do it, but i haven't looked at other products yet. If anyone has any better solutions i'm all ears Greg From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Thursday, 13 March 2008 12:58 PM To: NT System Admin Issues Subject: RE: IIS 6 Redirection What do you mean by "redirect"? Are you just trying to map a virtual directory on the IIS server to a UNC share on another server? If so, this is called "UNC Pass Through Authentication" http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx and http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/9b908f1e-8c17-4cc1-ac61-ffd0df854950.mspx?mfr=true should answer your questions. Or are you trying to actually "redirect" the user via a HTTP redirect status? If so, then that's not going to work. Cheers Ken From: Greg Mulholland [mailto:[EMAIL PROTECTED] Sent: Thursday, 13 March 2008 11:36 AM To: NT System Admin Issues Cc: Steve Moffat Subject: IIS 6 Redirection Anyone ever done iis redirection to a share on another server. If the share resides on the iis server itself it works a treat. if the share resides on another server it fails. acls on the shares and ntfs are the same but when i redirect to the other server i get multiple logon prompts and then a 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource. I seem to remember having a similar issue once before and cant remember ever solving it. Anyone have any ideas i would appreciate. Thanks Greg ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
