Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWindows authentication problemWindows authentication problem
Previous
 
Next
New Post
5/11/2007 5:10 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

At this point I'll have to setup a 2000 server for testing purposes but I'm sure I had it working on one about a year or two ago.

I posted how I set ours up just in case you hadn't tried a setup similar. I've seen where uncommenting the impersonation line has worked for some and not others.
 
New Post
5/11/2007 5:17 PM
 
ntk006

Joined: 5/2/2007
Posts: 4

I think the main problem is that the Windows 2000 server is not connecting to the active directory. It is on the domain and setup like my Windows 2003 server, but it cannot access global catalogue or the ldap server, but the domain it accesses fine.

Is there some sort of setup you have to do on the Windows 2000 server to connect to the active directory or is it because I am running this on 2000, while the active directory is running on a Windows 2003 server?

Anyways thanks in advance :)
 
New Post
5/14/2007 2:39 PM
 
John VandenBrook


www.vandenbrook.com
Joined: 9/26/2003
Posts: 92

johnvndnbrk wrote

...you need to setup your environment that will allow both "Forms" and "Windows" authentication. 

This statement from my previous post is actually very wrong.  I was leaning towards setting up two virtual websites, one with with "Anonymous" checked in IIS and the other without - but for several reasons this does not work, the portal alias being only one reason.  I did have luck with the steps by david@newcovenant.com at http://www.dotnetnuke.com/Projects/CoreActiveDirectory/tabid/840/EntryID/234/Default.aspx and have bookmarked the others, just in case.  Below is the post from the link above.  Thanks to all for their help! John

Re: Update TTT.Authentication module with core Authentication    By david@newcovenant.com on 5/31/2006
Here's how I got AD authentication to work in 4.0.3. It's a bit roundabout (Heck, it's a LOT roundabout!), but it worked for me....
1. For a fresh install, just go to the next step. If it's an upgrade, follow Tam Tran's instructions about the database entry, and the file deletion post above. Ignore the rest.
2. In IIS, open Properties on the web site or Virtual Directory > Directory Security tab > Edit button. Uncheck "Anonymous access" and "OK" your way out.
3. In Web.config, comment OUT the Windows Authentication block. Uncomment the Forms Authentication block.
4. Uncomment the "Authentication" item under .
5. Log in with admin account.
6. Go to Admin > Authentication.
7. Check "Windows Authentication?"
8. Check "Synchronize Role?" if you want AD groups sync'ed. (Don't ask me if this doesn't work. Report it as a bug to Tam Tran.)
9. Leave "Provider:" at the default. There's normally only one choice, anyway.
10. Choose "Authentication Type." "Delegation" is a good choice in most cases.
11. "Root Domain:" If you want to authenticate and get groups from the Root forest, then leave this blank. Otherwise, enter the LDAP path to your desired AD tree. Use this format: "LDAP://dc=com,dc=this,dc=that." Using "LDAP://" in the entry overcomes a bug that exists.
12. In most circumstances, you can leave "User Name" and "Password" and "Confirm Password" blank. These are supposed to be for an account that has "Read" access to the active directory. In most cases, EVERY account has read access. So leaving these blank will cause DNN to use your domain account to read the directory.
13. Click "Update." You will get an error message at the next screen. That's OK. Your entries just went into the ModuleSettings table of the database.
14. Log out, and close the browser.
15. Open Web.config, and uncomment the Windows Authentication block. Comment OUT the Forms Authentication block.
16. Save web.config.
17. Open a browser and point it at the site. You should see that the "Login" link says "Logout." This indicates that you were automatically logged in using your AD account. You won't be able to do anything here but browse public pages. But in the background, a user account was created for you, like "domain\username."
18. Close the browser.
19. Open web.config. Disable Windows Authentication and enable Forms Authentication. Save web.config.
20. Open a browser and point it at the site. Log in as Admin.
21. Go to Admin > User Accounts. Click the "all" link. You should see your "domain\username" account in the list.
22. Click the pencil next to that account.
23. Click "Manage Roles for this User."
24. Add this user account to the "Administrators" Role.
25. Log out, and close the browser.
26. Open web.cofig. Last time, I promise. Enable Windows Authentication and disable Forms Authentication. Save web.config.
27. Open a browser and point it at the site. Now you should not only see "Logout" at the Login link, but you should also be able to use the "Admin" menu.

Whenever a user connects to the site, you can now add them to whatever local DNN Role you want to create. If the "Synchronize Roles" feature worked, you should be able to assign AD groups to Roles, too.

 
New Post
5/14/2007 3:09 PM
 
ntk006

Joined: 5/2/2007
Posts: 4

john... and yet that doesnt solve my problem, already have everything set up to work, and should be working, I can logon with my windows credentials, however it does not add the groups.

In admin->authentication it comes up with Fail OK Fail ... and as I have said, the same stuff works on my 2003 server, and the same exact db, same files and same input in the admin -> authentication does not work in Windows 2000.

Is there any fix that has to be done in 2000 to have the admin->authentication come up OK? Because the settings are right (proven by the 2003 server working perfectly)
 
New Post
5/18/2007 3:24 PM
 
John VandenBrook


www.vandenbrook.com
Joined: 9/26/2003
Posts: 92

Hi NTK006:

Would you mind posting the values and results that you use/receive for steps 11 - 15 below?  Also, I could get you the "Easy Active Directory Groups and Users Module" which will create all the Groups from a domain account (and continue to add as needed) that you can use for testing or to take a different approach.  I purchased this module from snowcovered a few weeks ago.  I am not using this module but it at least confirmed that it could read all the groups, etc.  This may be a good choice for your situation.  Email me if interested...my username is johnv and my email host is @dls.net.  Best of luck!

John

11. "Root Domain:" If you want to authenticate and get groups from the Root forest, then leave this blank. Otherwise, enter the LDAP path to your desired AD tree. Use this format: "LDAP://dc=com,dc=this,dc=that." Using "LDAP://" in the entry overcomes a bug that exists.
12. In most circumstances, you can leave "User Name" and "Password" and "Confirm Password" blank. These are supposed to be for an account that has "Read" access to the active directory. In most cases, EVERY account has read access. So leaving these blank will cause DNN to use your domain account to read the directory.
13. Click "Update." You will get an error message at the next screen. That's OK. Your entries just went into the ModuleSettings table of the database.
14. Log out, and close the browser.
15. Open Web.config, and uncomment the Windows Authentication block. Comment OUT the Forms Authentication block.
 
 Page 2 of 2
Previous12 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationWindows authentication problemWindows authentication problem


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out