I keep getting HTTP Error 401.1 after entering my credentials, both when connecting from outside through ISA and when connecting internally. When I remove the SPN HTTP/<fqdn> from the Application Pool account I can log in fine from the internal network (fallback to NTLM?), but receive HTTP error 403 when connecting through ISA.
I have already added the SPN HTTP/<fqdn> to the domain account used as Application Pool Identity for SharePoint, and IIS is configured for "negotiate,NTLM", but still no go. As soon as I remove the SPN and restart IIS I can log in from the internal network, so I guess it falls back to NTLM then.
We use a RADIUS-based OTP solution. I don't think NTLM delegation works with RADIUS, or does it?
Have you tried enabling the "collect additional credentials" on the web listener? It is located on the authentication tab.
This will allow you to define a Windows username and password in addition to RADIUS details on a single HTML form. ISA can then delegate the Windows credentials in NTLM format to SharePoint, in addition to authenticating the RADIUS OTP.
Cheers
JJ
P.S. I would still suggest you go with Microsoft's recommendation and configure SharePoint for NTLM and then use ISA NTLM delegation.
< Message edited by Jason Jones -- 23.Oct.2007 5:14:53 AM >