9 Replies Latest reply on Feb 4, 2009 11:43 AM by AlbanyNYMike

    Pass-Through Security

    robertjuric

      I've set up pass-through security per the admin guide instructions however I'm not able to add the domain\Everyone group using the web console account manager. When I try to add the account, it wants a password for it. Maybe I don't understand pass-through security, but any help on getting this working would be great.

        • Re: Pass-Through Security
          sotherls

          Try to give it a dummy password initially then go back and clear it out (clear it and click change) and save.

          • Re: Pass-Through Security
            robertjuric

            Also, I just noticed, that it's not passing the authentication through. If I close the browser and re-open it, it asks for creditentials. Once I enter them I can log out, reload the page and it passes through just fine.

              • Re: Pass-Through Security
                dperkerson

                I think this is related to the browser security settings. If the server is not listed as a trusted site then it won't pass your domain credentials (unless you have modified your security settings.) I had to pass out instructions to every one to add the server to their list of trusted sites and to make sure that the security settings for trusted sites did indeed forward domain credentials automatically.

                  • Re: Pass-Through Security

                    I am having the exact same issue as teh topic creator.  I have followed the admin guide, step for step, in setting this up.  Got to the last step of adding users using the DOMAIN\user method.

                    It wont let me continue without adding a password.  After reading these posts, I added a dummy password, then cleared it out, which worked.

                    I then pulled up my Orion login page, with browser settings adjusted making orion a "trusted site"

                    I was still prompted for a User ID and PW.  I entered my user ID, left the PW blank and I got it.  However, this is only an illusion of WPTS.

                    I added another account of a different user, and I was able to log in as that user.  Something is not right inmy setup.  Mega kudos to anyone who can point me in the right direction.

                    So far I have followed the admin guide, steps 1 - 14.  I have added Orion as a trusted site.  I have added domain accounts, entered a dummy PW, then went back and deleted dummy PW.  Still no windows passthrough.

                    Please Help!!!

                      • Re: Pass-Through Security

                        SO I think I finally got this set up correctly, but still have a question.

                        I followed all the steps, added http://Orion Server as a trusted site, added the DOMAIN\users accounts with dummy passwords, then I removed the passwords after the accounts were set up.

                        WPTA seems to be working fine, but if a pull up a login page, and type in DOMIAN\user, I am able to get in with Orion logging me in as someone I am not.
                        Anyone know of a workaround for this?

                        I dont want DOMAIN\joe to be able to log into Orion as DOMAIN\jane

                          • Re: Pass-Through Security
                            dperkerson

                            There are two different login prompts that you can recieve when logging into Orion. The first is the standard Orion login. This is the one that you always used before setting up WPTA. This login prompt is only use to verify a u/p against the internal database. If you have created a user named domain/user with no password, then any user that comes to this page and type domain/user will be able to get in. This is why you don't want to clear the password that you entered when you created the user. (I never had to clear mine). The second is a login prompt that is generated by IIS/IE. This prompt comes from the fact that authentication in required by the IIS server. Depending on how you have configured IE, your current domain crendentials will either be forwarded automatically or you will receive a pop-over window that asks for u/p. This is is not a web page but an actual window that pops over IE and can be moved around. If you are not getting this window then you don't have the authentication requirements properly set in IIS. If you are, then this is where you enter the domain/user and password. Once you click OK here you should go to the home page that was configured for that user. Because I have my browser set to automatically forward the credentials I never see that window. I just go straight to the home page.