Databases
StackOverflow2013
Postsdbo
POHow can I get MD5/digest authentication working for a different domain?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow can I get MD5/digest authentication working for a different domain?
    primarykey
    data
    text
    <p>I have been asked to set up a SharePoint site (running under IIS7 on 2008 R2) on a server in domain B, so that people in domain A can log in to it using MD5/Digest authentication over HTTP. There is a trust relationship so that B trusts A, and this works for Kerberos authentication. We have set up reversible encryption for passwords and checked that domain B users can log in with Digest, but we can't get it so that domain A users (not in the same domain as the SharePoint server) can log in with MD5/Digest over http. We have also checked with WireShark that the browser seems to be behaving itself (it is the version of IE that comes with Server 2008 R2 - I think IE7 but I don't have that written down).</p> <p>Could you please either tell me how to set this up properly, or provide a link to a Microsoft or other reasonably authoritative document that says that this can't be done?</p> <p>(by the way, we are using SharePoint Foundation (free version))</p> <p>I am editing in some more recent information in case other people hit this, and because I would like any further suggestions to add to this, not duplicate it.</p> <p>1) I set up SharePoint on two servers and then changed the domain of one of them, leaving the application pool users in the original domain. After some mucking around (add DNS suffixes from the original domain, fiddle with AAMs) I found that I could authenticate with digest in both servers, authenticating users in the same domain as the server - I'm not sure if this is a recommended configuration but I thought it was an interesting experiment. So this looks like a Windows feature, not a SharePoint feature.</p> <p>2) Guessing that, I changed my search terms and found at <a href="http://technet.microsoft.com/en-us/library/cc778868%28v=ws.10%29.aspx" rel="nofollow">http://technet.microsoft.com/en-us/library/cc778868%28v=ws.10%29.aspx</a> "The Web server must be a member of the same forest as the user accounts." I think my setup corresponds to different forests, so this looks a lot like a "this behaviour is by design" windows feature.</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USmcdowella
    1. USmcdowella
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POHow can I get MD5/digest authentication working for a different domain?
      1. USmcdowella
      1. VTBountyStart
    2. VO
      singulars
      1. POHow can I get MD5/digest authentication working for a different domain?
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POHow can I get MD5/digest authentication working for a different domain?
      1. This table or related slice is empty.
      1. VTUpMod
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload