| Author |
 Topic  |
|
marknias
Starting Member
11 Posts |
 Posted - 26 January 2004 : 10:25:46
|
I have an install of Snitz running on a IIS6 Win2003 box with snitz configured in NT authentication mode. We are moving all our users to AD which means we have about 2/3 of users in a AD Domain and the rest in an NT Domain.
I've found my NT domain users are unable to access the site, all they get is the error:
Active Directory error '80070005'
General access denied error
/inc_func_common.asp, line 804
other than waiting for the rest of our users to be migrated to AD, does anyone have any ideas?
Incedentally, it works fine when running on IIS5.1 |
Edited by - ruirib on 26 January 2004 10:38:38 |
|
|
miperez
Junior Member
Spain
243 Posts |
Posted - 26 January 2004 : 10:40:07
|
I don't know how this authentication works, but I guess that it can be related to network configuration, more than Snitz itself.
Just two questions, that might be relevant:
- Is your W2K3 AD running in native or mixed mode?
- Is there any trust relationship between your new domain, created in the AD, and the old NT one? |
Best Regards
Mikel Perez
"Hell is the place where everything test perfectly, and nothing works"
|
 |
|
|
marknias
Starting Member
11 Posts |
Posted - 26 January 2004 : 11:18:05
|
| it's running native with a 2 way trust to the nt domain |
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
|
|
marknias
Starting Member
11 Posts |
Posted - 26 January 2004 : 11:53:20
|
hi Nikkol, i tried adding 'Everyone' and 'OLDNTDOMAIN\Domain Users' with List, Read and Read and Execute for the folder containing snitz
but, still the same error 
the database is SQL located on another server
quote:
Originally posted by Nikkol
do you have the nt domain users in the ntfs permissions on the folder containing the forum and the database?
|
Edited by - marknias on 26 January 2004 11:54:22 |
|
|
|
miperez
Junior Member
Spain
243 Posts |
Posted - 26 January 2004 : 12:04:26
|
Maybe Nikkol can think of something in the code, I do not know it that much; but I wouldn't discard the possibility of a permissions issue between the two coexistant domains.
Maybe you can make a test in order to know if the problem is caused by the system or the forum:
- Create any htm file -so that you cannot experience any problems with asp code- in the website. I assume that the authentication method in IIS is the default one, "anonymous", so you should be able to browse that htm file from any user's browser.
- Afterwards, disable the "anonymous" authentication method, and enable "basic", so that the IIS will ask for a username and password. Try to open that page both entering a username and password for a user created in the AD (there should be no problem either) and a username and password for a user from the NT domain. If the second option doesn't work, it means that the W2K3 server doesn't recognize the NT domain credentials, so Snitz won't be able to authenticate the users.
Afterwards, of course, switch the authentication method back to anonymous, so that everything works as it did before. |
Best Regards
Mikel Perez
"Hell is the place where everything test perfectly, and nothing works"
|
|
|
|
marknias
Starting Member
11 Posts |
Posted - 26 January 2004 : 12:46:56
|
hi Mike,
we have several sites running from this server which work fine with authenticated users from the NT domains. So i dont think it's a simple case of this server not bieng able to authenticate non AD users. However i think this is the only system that looks up which global groups the users are in
quote:
Originally posted by miperez
Maybe Nikkol can think of something in the code, I do not know it that much; but I wouldn't discard the possibility of a permissions issue between the two coexistant domains.
Maybe you can make a test in order to know if the problem is caused by the system or the forum:
- Create any htm file -so that you cannot experience any problems with asp code- in the website. I assume that the authentication method in IIS is the default one, "anonymous", so you should be able to browse that htm file from any user's browser.
- Afterwards, disable the "anonymous" authentication method, and enable "basic", so that the IIS will ask for a username and password. Try to open that page both entering a username and password for a user created in the AD (there should be no problem either) and a username and password for a user from the NT domain. If the second option doesn't work, it means that the W2K3 server doesn't recognize the NT domain credentials, so Snitz won't be able to authenticate the users.
Afterwards, of course, switch the authentication method back to anonymous, so that everything works as it did before.
|
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 26 January 2004 : 14:05:39
|
quote:
Originally posted by marknias
hi Nikkol, i tried adding 'Everyone' and 'OLDNTDOMAIN\Domain Users' with List, Read and Read and Execute for the folder containing snitz
but, still the same error
the database is SQL located on another server
What kind of authentication are you using? I had a LOT of problems using Integrated authentication and found out it was because there is no external access allowed using IA. You need to use Basic or anonymous to access items on another server. Very annoying.
Just a thought on something to try. |
Dave Maxwell
Barbershop Harmony Freak |
|
|
|
marknias
Starting Member
11 Posts |
Posted - 27 January 2004 : 04:29:31
|
hi Dave,
we're using integrated windows authentication, this is a requirement unfortunatly because we have to use NT Global Groups to control who as access to which forums.
I dont see why IA would be an issue in this case, the only data i'm accessing externally to this site is the SQL database and that uses a dedicated SQL login. |
|
|
|
marknias
Starting Member
11 Posts |
Posted - 27 January 2004 : 06:29:35
|
UPDATE... i've been doing some testing to find out a bit more about this error.
using some carefully placed respose.end(s) i've tracked this down to this code which is in inc_func_common.asp:
Set strNTUserInfo = GetObject("WinNT://"+strNTUser)
For Each strNTUserInfoGroup in strNTUserInfo.Groups
strNTGroupsSTR=strNTGroupsSTR+", "+strNTUserInfoGroup.name
NEXT
The NT users are bieng authenticated properly (i checked), it fails when it goes to get the list of groups the user is in. For some reason on 2003 this is denied for old NT domains.
In addition i have tested this on three other systems; 2003 Server fails. 2000 Server and XP Pro work.
Incedentally, this doesn't seem like an issue with Snitz itself, but some new thing in iis6 and/or 2003 |
Edited by - marknias on 27 January 2004 07:49:57 |
|
|
|
Kal Corp
Average Member
USA
878 Posts |
|
|
jamescoyle
Starting Member
1 Posts |
Posted - 11 February 2004 : 12:33:36
|
using snitz as a forum on our intranet....
I have a similar problem, I can access the site as administrator, but when I turn on NT Auto Logon I get the following error
error '80070035'
/forums/inc_func_common.asp, line 813
(when accessing the site logged on as someone else)
I am using 2003 server with AD on 2000 Domain controllers, with XP workstations.
the domain format is username\subdomain.domain.com
and also username\domain.com
I have the latest download, with no changes or mods.
When NT Auto Login is off, the site works fine, but asks people to register, which is what I'm trying to avoid.
Any ideas, thanks
james
stressed intranet bod
|
|
|
|
fendermb4
Starting Member
2 Posts |
Posted - 12 April 2004 : 18:10:11
|
| I have this exact same problem, with the exact same configuration as you are reporting above. 2003 DC's, XP workstations. It works if I am logged on locally to the webserver, but not from any other workstation, even if I log on with Domain Admin rights from the other workstations. |
|
|
|
alz
Starting Member
5 Posts |
Posted - 12 April 2004 : 22:07:29
|
Me too. Exactly the same problem. My admin guy explain to me it may come from the fact we are using TRUST to connect our several domain. But I'm not sure.
Someone an explaination?
;) Thx |
|
|
|
fendermb4
Starting Member
2 Posts |
Posted - 13 April 2004 : 14:18:44
|
| I only have one domain, and I have this exact problem. Everything else is the same. 2003 DC's, IIS6, XP clients. I have done alot of adjusting to the IIS permissions, IUSR, various groups. Always get this Active Directory general access denied error whenever I access the page from a different computer. From the webserver where the script resides, it works great no matter who logs in. |
|
|
|
beppe1266
Starting Member
Norway
8 Posts |
Posted - 26 April 2004 : 07:21:39
|
quote:
Originally posted by fendermb4
I have this exact same problem, with the exact same configuration as you are reporting above. 2003 DC's, XP workstations. It works if I am logged on locally to the webserver, but not from any other workstation, even if I log on with Domain Admin rights from the other workstations.
I have exactly the same problem. Any solution to this (please....)
Error:
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'strNTUserInfo.FullName'
/hm-forum/inc_functions.asp, line 1274
Here is the inc_function.asp part:
if strAutoLogon="1" then
strNTUserFullName = Session(strCookieURL & "strNTUserFullName")
if Session(strCookieURL & "strNTUserFullName") = "" then
Set strNTUserInfo = GetObject("WinNT://"+strNTUser)
(line 1274) strNTUserFullName=strNTUserInfo.FullName
Session(strCookieURL & "strNTUserFullName") = strNTUserFullName
end if
When i'm on the server it works fine. The server has IE6 as well.
Beppe
Beppe |
Edited by - beppe1266 on 26 April 2004 07:37:06 |
|
|
|
Topic |
|
Topic Locked
