At 20:33 27-10-01, you wrote:
>i think i was misunderstood.
>i use the NT authentication because all the users in the company have a
>network username & password and i dont want them to have another set of
>username & passwords for this specific server.
>it is working fine as soon as i set NT authentication to true so beforming
>login is checked with the domain admin server of the internal network.
>NOW why do i put .htaccess - that is to block unloggined users to access the
>directory.
>i have many pages on the server, each page has another level of priority so
>this is done easy with .htaccess.
>FORGET about thge .htgroup for the time bieng it is not relevant to the
>problem.
BUT - it is. It's the _root_ of the problem. You're overriding NT Auth with
Basic
Auth, but then again - you're not, since you're not providing a password file.
>at this point i am getting many logs.
>i have pin pointed and seen that if a user opens his WS and tries to access
>a page, the sambar server will greet him with a username & password screen,
>at this point the log is generated.
>i think the log is generated prepeture, because it is onlt suposed to log
>failures
But it _is_ a failure. A NT Auth Login failure. If you want to stop the logs
until you get a grip on the real problem, use this in config.ini:
Trace Failures = false
> and not when somebody is simply wanting to access a page, and he
>has not put in the username&password yet.
No - but he accesses a part of the site, where NT Auth is enabled, but
bypassed and then again _not_ bypassed.
As I already mentioned - I know nothing about this implementation and
how to deal with .htaccess vs. NT Auth. I think Tod should make a section
about this in .htaccess security documentation.
And maybe even set NT AUth as an AuthType directive, like so:
AuthType NTAuth
AuthDomain "Exhange Services"
require group Administrators "Backup Operators" "Dial-in Users"
____________________________________________________
</MELVYN>
void wakeup()
{
for(long int cuppajava;drink();cuppajava++);
}
--------------------------------------------------------------------------------
For unsubscription of this list send an email to [EMAIL PROTECTED] with email
data containing unsubscribe emailadd sambar
