Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWindows authentication problemWindows authentication problem
Previous
 
Next
New Post
5/10/2007 6:09 PM
 
ntk006

Joined: 5/2/2007
Posts: 4

I am trying to set up the windows authentication in DNN 4.5.1 on SQL2005 and Windows 2000.

I can log in fine and it adds the users, however it does not give them the proper groups, and yes, the groups are added to the database. The problem is simple, but hard to fix as its the Admin -> Authentication that is the problem.

It comes up with the following problem:

Accessing Global Catalog:
FAIL
Checking Root Domain:
OK
Accessing LDAP:
FAIL
Find all domains in network:
Could not access LDAP to obtain domains info
Logon failure: unknown user name or bad password.

Domain: aaaa.bbb.ccc

Username: BBB\domain user

password: obvious

email: blank

--

And I know the domain user and password and the domain I am using is correct, this is because on the same setup, same site, same database it works on a Windows 2003 server.

I have no clue why it works on a Windows 2003 server,  but not on a Windows 2000 server with the same exact information used to log on in the Admin - Authentication section.

Any help would be great, thanks in advance.
 
New Post
5/11/2007 2:20 PM
 
John VandenBrook


www.vandenbrook.com
Joined: 9/26/2003
Posts: 92

Hello:

I am having issues with Windows Authentication as well, and do NOT want to divert from your specific questions.  It seems to me that using DotNetNuke on an Intranet facing website (... any AD/NTLM environment) in which you would like to use Wiindows authentication for your users who login to a network domain, you need to setup your environment that will allow both "Forms" and "Windows" authentication.  This would make sense since by default, the "admin" and "host" accounts are not domain accounts.  I have tried various combinations and even purchased a module, Active Directory + Groups & Users, from CodeFreak at snowcovered.com but do not have the ideal solution.

If I could quickly outline what you are trying to accomplish and you can make any necessary corrections.  This is at a rather high level:

  1. You would like to be able to login with the "Admin" and "Host" accounts, so that you can manage your content and add skins, modules, etc.
  2. You would like your users to be able to navigate to your Intranet site and have their NT credentials authenticate them without a login prompt, if possible, i.e. single sign-on.
  3. You would like to be able to assign roles to users to manage what content they can and cannot see, and do so using DNN's Roles UI which shows the groups/roles the NT users are assigned.
  4. Similar to (3), you would like to use the Page Settings and Module Settings on a Page to assign who can see what.
  5. (Nice to Have) You do not want to have to anticipate what roles are valid for a user since different users may belong to more groups than others.  In this case you would like to see any additional roles added programmatically for a user if it does not currently exist.
  6. If (5) is not an issue of concern, you would at least like to have domain users associated with the "Registered" role automatically so that they can access pages and modules which have the "Registed" role permissions checked.

I have been searching around on the internet and there many posts and articles which mention how to change this or that attribute, some of which present conflicting information - most likely due to their environment and whether or not they are using DNN or their own ASP.NET website.

If there are any Network Gurus who know how to setup DotNetNuke for Windows authentication, and perhaps, Forms authentication as well this would be very appreciated.  If the steps are different depending on the OS, would it be possible to mention these variations?  The three environments that I am thinking of is Windows XP for development, Windows 2000 Server, and Windows 2003 server.

I am under the gun (like anyone else) in that I am using DotNetNuke 4 for an Intranet website for a large client and cannot move forward until I have this resolved.  Thank you very much for your assistance!

John
 
New Post
5/11/2007 2:48 PM
 
Ben Jones

Joined: 10/24/2006
Posts: 33
I too am interested in “upgrading” to Windows Authentication, mostly so users don’t need to log into the site.   What would be nice is some documentation on how Windows Authentication works with DNN and how to set it up. Since I have numerous security roles already established, I’d love to associate the user’s DNN account with their Windows Authentication account. I realize this doesn’t answer either of your questions, but perhaps it will help get the aid of someone who can.
 
New Post
5/11/2007 4:01 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

The following is how I've setup Authentication for the internet/intranet site running at our school:

  1. Followed the directions for the most part in this post: http://www.dotnetnuke.com/Community/ForumsDotNetNuke/tabid/795/forumid/89/threadid/53005/scope/posts/Default.aspx
  2. I was getting the same error as Ntk006 but found if I uncommented <identity impersonate="true" /> and added an authenticate userName and password to it so that it ended up looking like <identity impersonate="true" userName="domain\username" password="password" />
  3. I then gave that user (doesn't have to be an admin account) the same rights to the DNN directory as the Network Service/ASPNET user.
  4. Because the site is also available over the internet we had to re-comment the <authentication..... /> line (that's the most part from #1) otherwise external users would get an IIS logon prompt. Unfortunately this stops users from being automatically logged in.
  5. To save users from having to login with DOMAIN\username I used the script from this post (http://www.dotnetnuke.com/Community/ForumsDotNetNuke/tabid/795/forumid/89/threadid/60815/scope/posts/Default.aspx) and made the necessary changes for our domain.
  6. Lastly, to make it easier for users to log in while on the intranet I put a link that points to admin/security/windowssignin.aspx and they can just click on that to get logged in (see I Drive or Computer Problems at http://www.bus.nait.ca (yes the site is ugly but that's what you get when people insist on a color combination, it's going to be changed soon) to see what I mean).
 
New Post
5/11/2007 4:30 PM
 
ntk006

Joined: 5/2/2007
Posts: 4

every time I uncomment the <identity impersonate="true"> line it always says: login failed for user: domain\username.

However, as I did say in my first post, the SAME setup that I have on my windows 2000 server WORKS on my windows 2003 server. I first set it up in 2003 and got the auto login working and the authentication to what I would need it.

However now it does the login and auto login, however none of the users are assigned their proper groups. I did add the groups myself into database, and in my Windows 2003 server they are automatically entered as they join the site for the first time, and can remain logged in., However since every time I do this in my Windows 2000 server with the same info (same dotnetnuke folder, copied from one to the other, and same database) it just says:

Root domain: OK and the Global Catalogue and LDAP server both FAIL, hence why the users were not assigned groups. Now, maybe in 2003 I have the wrong permissions, but I did swap out Network Service for ASPNET (2003 and 2000 respectively), but if anyone would possibly say why the it works on Windows 2003 server and NOT Windows 2000 even though its the SAME files, database and domain (yes both are on the domain), that would help a lot.

Thanks in advance,

NTK
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWindows authentication problemWindows authentication problem


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out