Can Domino use NT authentication to pass credentials via Active Directory? Has anyone succeeded?

The objective is to log in to Windows 2000, point a browser to a Domino server and authenticate automatically. I am unclear if setting up DA using Active Directory as an LDAP source will do the trick.

Your input is appreciated.

Jordan

Subject: And is using the IIS stack the only answer?

Subject: Can Domino use NT authentication to pass credentials via Active Directory? Has anyone succeeded?

If a user is authenticated to a Windows 2000 Domain then yes, IIS passes credentials to Domino. You need to set IIS to Integrated Windows authentication.

You can also specify that IIS performs no authentication so that all authentication is handled by the Domino server. In this instance you set the access in IIS to Anonymous only and disable any other security options.

Subject: RE: Can Domino use NT authentication to pass credentials via Active Directory? Has anyone succeeded?

Alex,

Thanks for your response. What about with the Domino HTTP stack using Directory Assistance pointing to a W2k ActiveDirectory? It will see the credentials, but does SSO work in that case or will users be prompted to reauthenticate? Many people I’ve spoken to say yes, but no one has actually pulled it off.

Jordan

Subject: RE: Can Domino use NT authentication to pass credentials via Active Directory? Has anyone succeeded?

OK, you got me on that one. I haven’t tried that exact configuration so I’m not sure. If I get some spare time I’ll give it a try and let you know.

Alex

Subject: RE: Can Domino use NT authentication to pass credentials via Active Directory? Has anyone succeeded?

Users are prompted to authenticate.

Create a directory assistance db with a directory assistance document for connection to your AD LDAP. Add LDAP user names to db ACLs or NAB groups in the form:

cn=loginxxx/ou=aaa/ou=bbb/ou=ccc/dc=xxx/dc=yyy

Use your own OUs and DCs!

There’s no need to have person documents in the NAB for someone who’s in AD.

Does anyone know if it’s possible to use, say, just a user’s Windows login instead of their distinguished name (as above)? I’ve tried custom filters.
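
The ACL name form given in the last reply (cn=.../ou=.../dc=...) is the AD distinguished name with its commas replaced by slashes. As an added example, not part of any post in this thread, this Python helper does that conversion; the function names and sample DNs are constructed, and unescaping `\,` and rejecting values that contain `/` are choices of this example, not documented Domino behaviour.

```python
def split_rdns(dn: str) -> list[str]:
    """Split an LDAP DN on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def ldap_dn_to_acl_name(dn: str) -> str:
    """Return the slash-separated form of a comma-separated LDAP DN."""
    parts = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        if "/" in value:
            # Assumption of this example: a slash inside a value would be
            # indistinguishable from a component separator, so refuse it.
            raise ValueError(f"value contains '/': {rdn!r}")
        # Assumption of this example: drop the LDAP escape on commas.
        value = value.replace("\\,", ",")
        parts.append(f"{attr.strip()}={value.strip()}")
    return "/".join(parts)


if __name__ == "__main__":
    # Constructed sample DNs, not taken from any real directory.
    for sample in (
        "cn=jdoe,ou=Sales,ou=Staff,dc=example,dc=com",
        r"CN=Doe\, Pat,OU=Sales,DC=example,DC=com",
    ):
        print(ldap_dn_to_acl_name(sample))
```
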