How to accept users from a none trusted domain but still use NTLM
Posted on 2009-05-18
I am using IIS on Windows Server 2003, isapi redirect and Tomcat.
The web server runs in a domain, but users are coming from an other domain.
Not trust relationship is in place. I want to use NTLM, to get the credentials without the user typing them. The tomcat application will be doing the authentication. So I need IIS to pass the credential.
I have trouble to avoid IIS to authenticate the users against the local server. Use the IIS diagnostic tools to debug this. Using WFetch, forcing NTLM with a user/domain/password
that exist on the server IIS let me access the pages. But if I use a user unknown on the server
, then I get an authentication failure.
I have tried to play with the permission, using the group Everyone on the directory, and
enabled the security policy "Let everyone permissions apply to anonymous users".
I have made similar configuration on a Windows XP (within a workgroup) without problem. But on Windows Server I have issues, I am not sure why.
How can I force IIS to accept the credentials as-is without rejecting the user?