Outlook Web Access 2000 - Domain/User Login (Full Version)

All Forums >> [Microsoft Exchange 2000] >> Outlook Web Access



Message

rastegarj -> Outlook Web Access 2000 - Domain/User Login (2.May2006 7:50:37 PM)

 I recently migrated all user mailboxes from my old exchange 2000 server to a new exchange 2000 server.  I also moved outlook web access and our web page as I plan to decommission the old server all together.

My problem is that since the move user's cannot login to the server using simply their username and password.  In order to login, they either have to type domain\user or user@domain.com.  I have researched and read about editing the logon.asp file (which I don't see at all on either server), but it doesn't seem that it was edited on the old server.  I do not want to enable clear text authentication for obvious reasons and the old server did not have SSL setup either so I am completely at a loss.

I am new to this entire process as this is the first exchange server I have ever worked on so there is certainly a possibility that I have not configured something properly.  Please help quickly as the pressure is quickly mounting.



leederbyshire -> RE: Outlook Web Access 2000 - Domain/User Login (2.May2006 8:20:44 PM)

Since this is Exchange 2000, you won't find a logon.asp file - that is the E2003 FBA logon page.  It sounds like your Default Auth Domain isn't set on your Exchange Virtual Directory.  You will need to do that if the server is a member server.



rastegarj -> RE: Outlook Web Access 2000 - Domain/User Login (3.May2006 12:34:59 AM)

How do I set the Default Auth Domain?  The only place I have seen that option is in reference to using basic (clear-text) authentication.  The exchange server is a member server so I am sure that you are right.

Thanks in advance for your help!



leederbyshire -> RE: Outlook Web Access 2000 - Domain/User Login (3.May2006 10:29:18 AM)

In Exchange System Manager, open the Servers container, and then expand the server that you use for OWA, then Protocols, HTTP, then click on Exchange Virtual Server.  Right-click on the Exchange VDir in the right-hand panel, and open its properties.  Click Access, then Authentication.  There should be an input field where you can type your domain name.  Type it in whatever format (i.e. NetBIOS or DNS) you need to type in when you log into OWA.



rastegarj -> RE: Outlook Web Access 2000 - Domain/User Login (3.May2006 6:32:01 PM)

I have changed these settings both in ESM and IIS but I cannot get it to work.  Users using firefox or IE 5.5 can access it but not it does not work for users using IE 6.0.   I have even tried rebooting the server following these changes.  Just a note:  the old server was not configured for basic authentication nor was there a default domain configured.  

I am concerned about checking the basic authentication because I do not want to send clear text passwords over the internet.  If I understand correctly, when you select "basic authentication" you are specifying that passwords be sent in clear text over the internet unless you use ssl.  Any idea why it isn't working?

Thanks so much for your help and your patience.



quote:

ORIGINAL: leederbyshire

In Exchange System Manager, open the Servers container, and then expand the server that you use for OWA, then Protocols, HTTP, then click on Exchange Virtual Server.  Right-click on the Exchange VDir in the right-hand panel, and open its properties.  Click Access, then Authentication.  There should be an input field where you can type your domain name.  Type it in whatever format (i.e. NetBIOS or DNS) you need to type in when you log into OWA.



leederbyshire -> RE: Outlook Web Access 2000 - Domain/User Login (3.May2006 8:34:35 PM)

I believe that if you are going to use Integrated Auth only, then users that are not already logged onto the domain will always need to supply the domain name - you can't specify a Default domain like you can in Basic.  Also, your Firefox users will be able to log on without Basic enabled, since Integrated Auth is a proprietary MS authentication protocol.  Only MS browsers understand it.  You are right about the need for SSL, though, if you are going to use Basic - the passwords are only Base64 encoded, and that is very easy to decode.



rastegarj -> RE: Outlook Web Access 2000 - Domain/User Login (4.May2006 7:42:42 PM)

You were right!  So long as I have integrated authentication checked I have to put the domain name in.  My question now is what is the most common configuration.  Do most organizations configure SSL  and use basic authentication or do most use the integrated authentication for better security?  What are your thoughts?



leederbyshire -> RE: Outlook Web Access 2000 - Domain/User Login (4.May2006 9:02:44 PM)

The default setup has Basic and Integrated enabled, so I would guess that that remains the most common.  That also allows you to support non-MS browsers.  Integrated Auth also encrypts the passwords; unlike Basic, which only Base64 encodes them for ASCII-compatible transmission.  Integrated doesn't encrypt the message contents, though.  To encrypt the entire session, you need SSL.



Page: [1]