AD Windows Integrated Authenication Problems

AD Windows Integrated Authenication Problems

  

On one box I have Windows 7/IIS7/AP6  with this system, I have configured the Users application to use Active Directory and set the domain. With Integrated Authentication is turned on I can log in both with the login dialog or by just browsing to the App, with it off I can login in via the log in dialog.

On box #2 I have Windows XP/IIS6/AP6, it is configured the same as above, However I can only authenticate domain users using Integrated Authentication, if they try to use the login dialog it says invalid login. Now if I turn off use Integrated Authentication, but leave the authentication to active directory, they still can't log in (Invalid Login).

One strange thing I noticed was that when I had the domain set to company.com in the configure authentication screen, users created via the Integrated authentication where company\user, while users created via the login screen were company.com\user. So, I have now set the domain to company, otherwise two users get created.

Any idea how I enable the login through the login dialog on the second box? Anyone have an idea why it doesn't work or what I should look at?
thanks
Just an update, the Windows XP box has IIS5.1 and the windows 7 box has IIS7.5
Robin Emig wrote:
Just an update, the Windows XP box has IIS5.1 and the windows 7 box has IIS7.5
 
Hi Robin

Just to clarify: in your XP / IIS 5.1 you indicate that you can login to Uers with Integrated Authentication but you cannot login in the login dialog.
What are you inputting in the login dialog as username:
  • company\user
  • company.com\user
  • user
Also, is there any difference between what you do in XP and in Win7?
Finally, are both boxes (XP and Win7) registered in the domain?

Regarding the dual behavior company/company.com that is actually a limitation of how Integrated Authentication works in Windows - the domain part of the username credentials will by default send the short-domain-name when authenticating; if the long-domain-name is used (in a explicit login box) that will be used instead.

Cheers,