Active Directory Setup
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=24844
Printed Date: 04 April 2026 at 8:10am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Active Directory Setup
Posted By: jayjay00
Subject: Active Directory Setup
Date Posted: 16 November 2007 at 5:44pm
|
Wow, I have searched and searched and I cannot find anything on how to setup Active Directory. I've seen a million people talking about it and how easy it was to setup, etc. Where is the FAQ/KB/Tutorial on setting this up? I cannot believe I am having this much difficulty finding it! |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 16 November 2007 at 6:00pm
|
There's not presently a KB on this. To enable this, open in notepad the file functions/functions_windows_authentication.asp just follow the instructions in that file to enable it. It's as simple as setting one variable in the file to true. That's basically it, the only other thing you need to do is make sure that anonymous access to the website is disabled in IIS, so that users have to use their active directly login to browse the website the forum is running on. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: jayjay00
Date Posted: 16 November 2007 at 6:08pm
| So, does this mean users can use their active directory login to post, etc or is this just viewing the web pages in general? |
Posted By: WebWiz-Bruce
Date Posted: 16 November 2007 at 6:14pm
|
When the windows authentication/active directory is enabled in Web Wiz Forums then when the users browses to the forum it will automatically log them in. If they do not have a login in the forums database under their active directory login the forum will create one for them. They are then logged in like any normal users and depending on how you set the forum permissions they can then post new topics, reply, edit posts, etc. within the forum. Once anonymous browsing of the web site is disabled, then all users who go to the site will need to be logged in under their active directory account. If active directory users couldn't post then there no-one would be posting at all in the forum. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: jayjay00
Date Posted: 16 November 2007 at 6:22pm
| Where does the user show up? There's no control panel that the AD user can click and the admin cannot see them under member administration. |
Posted By: WebWiz-Bruce
Date Posted: 16 November 2007 at 6:49pm
|
Sorry I don't get what you are asking. When you enable AD in Web wiz forums, and a user browses to your forum they are logged in like a standard user, an account is created for them which shows up in the member list, and if they are on the board at the time in the active users list. The only thing that you do have to watch out for, is that your own AD account will not be an admin account, so to get to the admin control panel of web wiz forums you need to log directly into the admin area using the admin.asp page. You can then place your own AD user into the Admin Group of the forum. If you give it ago you should see, it's fairly straight forward, as all Web Wiz Forums is doing, is getting the login details from AD, it then looks to see if that AD user is in the forum database, if they are it logs them in under that user, if not, it creates an account in the forum for them and enters their AD login details into the database. You do also have to disable anonymous browsing of your web site, which means the only people who can view the site are those logged in under AD. This means that all users on the forum would be part of AD and be logged in under AD. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: jayjay00
Date Posted: 16 November 2007 at 8:13pm
|
In functions/functions_windows_authentication.asp set Const blnWindowsAuthentication = True In ISS 6: I've unchecked "Enable anonymous access" I've checked "Integrated Windows authentication" When the user logs on, there is nothing to check their profile. If I click Active Forum Users it shows "Guest 1" and that's it. There is no place to log in. |
Posted By: jayjay00
Date Posted: 16 November 2007 at 8:51pm
|
I just tried creating a user under the admin console and I got this: Microsoft OLE DB Provider for SQL Server error '80040e2f' Cannot insert the value NULL into column 'User_code', table 'WebWizForums.dbo.tblAuthor'; column does not allow nulls. INSERT fails. /Forums/admin_register.asp, line 399 |
Posted By: jayjay00
Date Posted: 16 November 2007 at 8:55pm
Here is some quality English in the code comments.  'Don't update user code filed is windows authentication is enabeld If blnWindowsAuthentication = False Then .Fields("User_code") = strUserCode |
Posted By: jayjay00
Date Posted: 16 November 2007 at 8:59pm
| So, obviously because I have windows authentication enabled, it doesn't want to set a user_code. I guess once I get the authentication figured out this error will resolve itself. |
Posted By: WebWiz-Bruce
Date Posted: 16 November 2007 at 10:36pm
|
It doesn't sound like you have windows authentication enabled, if you did you would never be shown in the forum as a guest. You would also have a grey windows login box display to enter your site, if you are not already logged into the server. You should look on Google more about setting up windows authentication and windows permissions. It's not as simple as just checking a box in IIS for authentication. Authenticated users need to be created on the OS. The number of authenticated users you can create also depends on your OS licensing. To have a web site which more than 1 person can use you need to use a server OS. Windows 2003 server web edition doesn't support authenticated users so you need to use Windows 2003 server standard or enterprise, these usually come with a 5 CAL license, and it's a good few hundred more to add another 5 to it. If you are allowing customers from outside your organization to login then you need to have then you need to have Service Provider License Agreement with Microsoft (SPLA) you then pay a monthly fee per authenticated user, or you can pay around £100 per month for a Processor authenticated windows 2003 server standard license under an SPLA. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: jayjay00
Date Posted: 19 November 2007 at 2:36pm
|
Thanks for you help thus far, I do appreciate it. The server is running Server 2003 and the licensing seems ok (so far it's only been one user connecting, me). "Authenticated users need to be created on the OS" - we are running Active Directory. Are you saying the users need to be created on the local machine? I know windows authentication is enabled because I get prompted for my windows user account when I go the page. But, the website still shows me as guest and there's nowhere to log in. If I click on a forum that does not have guest access enabled I get a prompt to log in. But I cannot type in my windows information as it is looking for an internal user (i.e. one I created through the control panel). |
Posted By: jayjay00
Date Posted: 19 November 2007 at 2:49pm
| Mmmm.. so I launched Internet Explorer from the server and logged in using my username and it worked. But when I go to the website from my laptop, it doesn't work. Interesting... I guess this may not be a program issue. But, do you have any ideas to help me out as to what this could be? |
Posted By: WebWiz-Bruce
Date Posted: 19 November 2007 at 3:18pm
|
When windows authentication is enabled in Web Wiz Forums it will not show a forum login as this is disabled, as you are logging in through the OS not the forum. If Web Wiz Forums is showing you as a Guest then it means that anonymous logins are not disabled. You need to ensure that anonymous logins are displayed for the web site, so that you are forced to to log into the web site through the OS. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: jayjay00
Date Posted: 19 November 2007 at 3:23pm
|
I'm pretty sure everything is setup properly. But this issue is definitely not the software's fault. This is our issue: http://server1/forums - this URL works http://intranet.domain.com/forum (which is internal as well) does not work. |
Posted By: RLRPC
Date Posted: 19 November 2007 at 5:51pm
Then your DNS is not set up correctly. "intranet" should be either a CNAME to the HOST record (typically machine name... i.e. - "server1"). And FWIW, I did as they said - disabled Anonymous Access, changed that one variable from False to True and it seems to work fine on initial testing. Environment FYI: Windows Server 2003 R2 SP2, IE6 on XP clients |
jayjay00 wrote:Posted By: Jono
Date Posted: 19 November 2007 at 6:49pm
Do you get the home page from both these URL's? If so, i suspect it may be the cookies that may be causing the problems (i'm assuming you did the form setup using the intranet.domain.com URL - if so, click the "clear cookies" link at the bottom of the home page).
I've noticed some interesting "features" with AD enabled, which i need to investigate a bit further, but if you give a AD account admin rights on the forum, you can't login to the admin.asp page as if prompts you for a non-existant password.
|
Posted By: Jono
Date Posted: 01 December 2007 at 11:47am
|
I've created a Step-By-Step guilde for installing Web Wiz Forums using the Integrated Authentication method. It also has instructions on installing my mod for full Active Directory Integration, which may be useful to you.
Guide: http://forums.webwiz.net/uploads/24799/Installing_Web_Wiz_Forums_within_an_Active_Directory_Domain.zip - Installing_Web_Wiz_Forums_within_an_Active_Directory_Domain.zip
MOD: http://forums.webwiz.net/uploads/24799/WWF_AD_Integration_MOD_1.0.zip - WWF_AD_Integration_MOD_1.0.zip
|
Posted By: RLRPC
Date Posted: 03 December 2007 at 7:12pm
I'm appreciative of those links... care to fill us in on what your Mod actually does though? 
|
Posted By: Jono
Date Posted: 03 December 2007 at 7:44pm
|
Yeah, sure.
The Mod uses Active Directory information (e.g. the DisplayName, Title and Office attributes), giving people's "full names" rather than just the NT name. This means that, for example, if Jane Smith (NT name=JSmith) gets married and changes her name to Jane Brown (NT name=JBrown) the WWF is automatically updated to reflect both the new NT name and DisplayName.
Hope this helps.
|
Posted By: RLRPC
Date Posted: 03 December 2007 at 7:52pm
|
Fantastic. I wish someone like you existed in the phpBB/VBulletin arenas... they're all UNIX-heads and for years their developers have said "an LDAP mod for Active Directory would be easy" but yet it is still not stable out of the box even on phpBB 3.0 RC7. WWF is the ONLY forum software I have yet to test that supports AD out of the box. |
Posted By: RLRPC
Date Posted: 04 December 2007 at 7:25pm
| So not only is the documentation curtailed towards SQL Server environments, but the scripts are specific to SQL Server as well? |
Posted By: Jono
Date Posted: 04 December 2007 at 7:37pm
|
Not specifically. It was designed as a really simple guide for use within the organisation I work for. I wrote the documentation using SQL Server 2005, but there is no reason why they can't be amended to suit MySQL or Access. Thinking about it, if you're running it in an intranet environment would you use Access?
The vbScript to sync the databases may need a bit of modification to support both, which i'm sure I can do.
What would you like to see? or which parts need improving?
|
Posted By: RLRPC
Date Posted: 04 December 2007 at 7:44pm
I'm absolutely fine with the documentation. I'm not so boneheaded I can't just mentally-replace your SQL Server steps with what I'd need to do in MySQL.  But where I am truly boneheaded is the script. I can tell enough to know you're calling for variables that are SQL Server-specific, which explains to me why the script is not connecting to my DB but I am lame from that point on. |
Posted By: Jono
Date Posted: 04 December 2007 at 7:46pm
I've never been too successful with php (it's too much live javascript!
 ). This solution is weighted towards a Microsoft environment (utilising functions like "name translate"), however the big issue i see is obtaining the user details automatically (for example a *unix box may not know you are valid person in a windows environment). You could modify a login screen to authenticate againist an LDAP server, but I think the attribute SAMaccountName (your windows username) may be Microsoft specific.In essence, I would get a username and password, then try to bind to an object in the LDAP using these details (assume they had the correct rights), if successful the user is valid, if not, they are not.
Once you've got a valid account, find it in LDAP, bind to it for the other attributes, like office, email, telephone, etc.
|
Posted By: Jono
Date Posted: 04 December 2007 at 7:48pm
|
I think it's just the connection string that may need to be updated. Are you willing to do some beta testing?? |
Posted By: RLRPC
Date Posted: 04 December 2007 at 7:49pm
Yes, if you're willing to (figuratively) hold my hand. ...All I've done so far is beta test, we have nothing production yet. |
Posted By: Jono
Date Posted: 04 December 2007 at 7:58pm
| Okay - i'll try my best. Here is a new vbsync script. Edit it and set the database values, then configure the database server type (ignore the access option): http://forums.webwiz.net/uploads/24799/Beta1.1formySQL.zip - Beta1.1forMySQL.zip |