Re: Outlook Web Access through ISA on internal- LAN
- From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 14 May 2002 22:41:07 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 09:41 PM 5/14/2002, you wrote:
>http://www.ISAserver.org
>
>
>If I can get round this without giving users 'log on locally' rights to my
>Exchange server(also a DC!) then I'll be happier.
>
>The fact that basic authentication works for clients external to my LAN
>makes me think that this can't just be a 'log on locally' issue.
I had it the other way around... I didn't catch that part- however, I was
experiencing the exact same thing- admin could log on a single time (mine
was over HTTPS), but regular users could not; they had to continually enter
credentials for each element. In the event log, I saw the "user not
granted appropriate rights" or whatever the exact message was, and knew
right away it was a LoL issue- I gave that group LoL rights, and it worked
perfectly at once. For IIS, the logon type 2 is considered "local"- it is
the way IIS does it.
But, if your external people are accessing it, they probably already have
that right. A regular server has the local "users" group included in the
"Log on locally" policy by default, but a domain controller does not. When
a member server joins the domain, the local "users" group has the domain's
"domain users" group added to it. It would be interesting to know exactly
how you currently have it set.
I don't have the original message anymore- how are you publishing the OWA
site? And is basic authentication the only method selected or do you have
NT Integrated checked as well? I assume you have a default domain selected
under the Basic Authentication properties...
Thanks!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPOH084hsmyD15h5gEQJEJQCdFQr06suiOlDC0NgbJGgBGqAPBP8An3vM
efxGNwYY80O+2Uhtg9XlTj2O
=Jxr+
-----END PGP SIGNATURE-----
Other related posts:
