General discussion

Locked

Intranet Log in

By bhale ·
i have a windows environment: NT 4.0 server, IIS 4, Exchange 5.5, and windows 2000 clients. we are looking to create an intranet and would like some suggestions for handle login... securtity is of course a must.

ben

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Intranet Log in

by mshavrov In reply to Intranet Log in

It depends on number of users you are going to authenticate in Intranet. If it's just a few users (this "few" depends on your willing to handle all these passwords changes), you can create accounts on IIS machine and authorize them by this NT box.
If you have big number of users and you want to keep users synchonyzed with your existing Windows NT accounts, you should either install BDC in Intranet (DMZ???), or should enable traffic between IIS (or Exchange) and PDC through firewall. In the rest it's the same procedures like you have in regular LAN.

Good luck.

Collapse -

Intranet Log in

by bhale In reply to Intranet Log in

ADDITIONAL INFORMATION:
i've got about a 200 users that will be using this intranet. as of right now, we are using NAT enabled router with ip/port mappings instead of a firewall. I would prefer to keep NT authentication separate from the intranet authentication.

Collapse -

Intranet Log in

by bhale In reply to Intranet Log in

Point value changed by question poster.

Collapse -

Intranet Log in

by BenWagg In reply to Intranet Log in

Are you talking about an intranet or an extranet? Your intranet can be on any server behind the firewall, and IIS can be configured to authenticate against the users' NT network credentials.

If you are talking about an extranet, and you do not want IIS to use the NT4 authentication (why?) outside the firewall, then you will need to set up a separate server as your extranet/DMZ, and duplicate all your user accounts on some other platform. This might be done through your firewall software or by building extranet server to be part of a different domain, perhaps with a one-way trust so that you can monitor/maintain it from witin your network.

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums