0

I have an IIS server (Server 2008R2/IIS 7.5) configured for kerberos authentication. The kerberos authentication works from clients on Windows (IE and Opera both tested), but when I access the site from any browser on a Mac (Safari, Chrome, or Firefox), I do not receive a username/password prompt.

When I visit other server also set up for kerberos authentication (set up and maintained by other people) from Mac, I do receive the prompt for a username/password.

Why would my server not request credentials for authentication? Is there a setting I should be checking?

Daryl Gubler
  • 31
  • 1
  • 6
  • Do you mean "Windows Authentication"? Or what is meant by "kerberos authentication"? Also, what happens on the client? Is there a 401 error? – MichelZ Apr 02 '14 at 17:15
  • Windows Integrated authentication with the Negotiate:Kerberos provide (as opposed to the NTLM or plain Negotiate providers). Also with Anonymous Access disabled. The error is a 403 Not Authorized error (as no credentials ever get requested and passed to the server). – Daryl Gubler Apr 02 '14 at 17:54
  • Have you examined the network traffic between the server and a working client versus a non-working client? – Evan Anderson Apr 03 '14 at 16:31

2 Answers2

1

Figured this out (and as it so often is, was a stupid thing).

Had to enable "Basic Authentication" so that IIS would request credentials if Integrated Auth failed.

For anyone reading this later, only do this on SSL enabled sites since Basic Auth is sent in cleartext.

Daryl Gubler
  • 31
  • 1
  • 6
0

Might be useful to someone... I just had a similar situation (I only needed Basic Authentication). While some clients (Windows) were prompting to login, other (Windows Phone) did not prompt and could open the site as if no security was enabled. What I needed to do was to disable Anonimous Authentication on this site.

Konstantin
  • 101
  • 2