Hi all, I tried to set up MOSS 2007 forms-based authentication against
Active Directory with the AD/LDAP Membership Provider. However, I have tried
for the last 5 days to figure out what's wrong with the setup, but no
luck. Could anyone tell me what could be wrong with the setup?

Here is what I did:

1. Create a web application to host https://extranet.acme.com in the
"default zone" and use forms authentication with either the AD or the LDAP
Membership Provider, so external users log in with their internal NT account
or email (BTW I used 128-bit SSL)

2. Extend the above web application to host the intranet http://intranet
in the "Intranet zone"

3. Modify the web.config of both Central Administration and the extranet

4. Here is the partial web.config file that shows the connection and
membership settings


// AD Membership Provider

<connectionStrings>
<add name="ADConnection" connectionString="LDAP://server1.acme.com/CN=Users,DC=acme,DC=com" />
</connectionStrings>

<membership defaultProvider="ADProviderService">
<providers>
<add name="ADProviderService"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection"
connectionUsername="acme\app_account" connectionPassword="abc123"/>
</providers>
</membership>

// LDAP Membership Provider

<membership>
<providers>
<add name="ADProviderService"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider,
Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral,
PublicKeyToken=71E9BCE111E9429C" server="server1.acme.com" port="389"
useSSL="true" userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="OU=Users,OU=Dener,DC=acme,DC=com"
userObjectClass="person"
userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>

When I try the AD Membership Provider and log in to the form with either
email or NT account, I get the following sign-in form error:

"The server could not sign you in. Make sure your user name and
password are correct, and then try again."

Then I took a look at the server event viewer and got the following
error:

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 5/1/2008
Time: 12:40:27 AM
User: N/A
Computer: MYSERVER
Description:
Event code: 4006 Event message: Membership credential verification
failed. Event time: 5/1/2008 12:40:27 AM Event time (UTC): 5/1/2008
7:40:27 AM Event ID: 5ed5b12b0e7c491fb4962f07827ac9f3 Event
sequence: 4 Event occurrence: 1 Event detail code: 0 Application
information: Application domain: /LM/W3SVC/918023365/
Root-1-128541012094024926 Trust level: WSS_Minimal
Application Virtual Path: / Application Path: C:\Inetpub\wwwroot
\wss\VirtualDirectories\extranet.acme.com80\ Machine name:
MYSERVER Process information: Process ID: 3824 Process
name: w3wp.exe Account name: acme\app_account Request
information: Request URL: https://extreanet.acme.com:443/_layouts/login.aspx?ReturnUrl=Membership
credential verification failed.f_layoutsMembership credential
verification failed.fAuthenticate.aspx5/1/2008 12:40:27
AMfSource5/1/2008 12:40:27 AMd%252f&Source=Membership credential
verification failed.f Request path: /_layouts/login.aspx
User host address: 10.247.229.41 User: Is authenticated:
False Authentication Type: Thread account name: MYSERVER
\IUSR_FLATFILE Name to authenticate: john.doen@acme.com Custom
event details:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

After the above AD membership provider failed, I then tried the LDAP
Membership Provider and still get the same sign-in form error as above.
There was no server error in the event viewer.

For both providers, I tried to look up users in the people picker, e.g.
ADProviderService:jonh.doe@acme.com, but I could not find any of them.

I checked the membership/connection string syntax many times and could not
find anything wrong.

I searched on the internet and found several threads about the above issues
and followed their instructions, but no luck.

Here are some of the threads that I found:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2337663&SiteID=1
http://www.setfocus.com/technicalarticles/nickkellett/MOSS2007-and-Novell-LDAP-Authentication_pg1.aspx
http://blogs.msdn.com/harsh/archive/2007/01/10/forms-based-authentication-in-moss.aspx
http://blogs.infosupport.com/porint/archive/2007/05/07/Step_2D00_by_2D00_Step-guide_2C00_-installing-AD-Provider-on-WSS-v3.aspx
http://jasonflowers2k.spaces.live.com/blog/cns!1889117EF017B979!118.entry

Thanks all

Re: Moss 2007 Active Directory/LDAP with SSL Configuration Issue by baotho

baotho
Fri May 02 01:58:43 CDT 2008

By the way, the account name and password that I used in the connection
string are the SharePoint service account; I think it only has read
access to Active Directory.
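Before blaming SharePoint, it is worth checking the two provider fragments against what the providers are documented to do by default. The script below is an added example and is not code from the original post or from Microsoft; the two configuration strings are constructed from the excerpts in the question (the connection password is replaced by a placeholder), and the checks encode documented defaults: ActiveDirectoryMembershipProvider requires a connection string beginning with LDAP://, maps the login name to userPrincipalName unless attributeMapUsername says otherwise, and searches only under the container named in the connection string; a <membership> element without defaultProvider inherits AspNetSqlMembershipProvider from machine.config; LDAPS conventionally listens on 636, not 389; and a connectionPassword left in clear text in web.config should be protected with aspnet_regiis section encryption. The cross-check between the two fragments (CN=Users versus OU=Users,OU=Dener) is the editor's observation on the posted values.

```python
"""Offline consistency checks for the two MOSS 2007 membership-provider
fragments posted above. Added example, not from the original post; both
configs are constructed from the question's excerpts (password replaced)."""
import xml.etree.ElementTree as ET

# Constructed from the question's "AD Membership Provider" excerpt.
AD_CONFIG = r"""<configuration>
 <connectionStrings>
  <add name="ADConnection" connectionString="LDAP://server1.acme.com/CN=Users,DC=acme,DC=com" />
 </connectionStrings>
 <system.web><membership defaultProvider="ADProviderService"><providers>
  <add name="ADProviderService" connectionStringName="ADConnection"
   type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
   connectionUsername="acme\app_account" connectionPassword="placeholder" />
 </providers></membership></system.web>
</configuration>"""

# Constructed from the question's "LDAP Membership Provider" excerpt
# (no defaultProvider attribute, exactly as posted).
LDAP_CONFIG = r"""<configuration>
 <system.web><membership><providers>
  <add name="ADProviderService" server="server1.acme.com" port="389" useSSL="true"
   type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
   userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
   userContainer="OU=Users,OU=Dener,DC=acme,DC=com" userObjectClass="person"
   userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree"
   otherRequiredUserAttributes="sn,givenname,cn" />
 </providers></membership></system.web>
</configuration>"""


def container_dn(connection_string):
    """DN after the host part of an LDAP://host/DN connection string ('' if absent)."""
    rest = connection_string.split("//", 1)[-1]
    return rest.split("/", 1)[1] if "/" in rest else ""


def check_ad_provider(add, connection_strings):
    out = []
    cs = connection_strings.get(add.get("connectionStringName", ""), "")
    if not cs.startswith("LDAP://"):
        out.append("AD: connection string must begin with LDAP://")
    if add.get("attributeMapUsername") is None:
        # Default username attribute is userPrincipalName, so only UPN logins validate.
        out.append("AD: attributeMapUsername unset, so logins must be UPNs (user@acme.com); "
                   "DOMAIN\\user or a bare sAMAccountName fails credential verification")
    if add.get("connectionPassword"):
        out.append('AD: connectionPassword is clear text; encrypt the section with '
                   'aspnet_regiis -pe "system.web/membership"')
    if container_dn(cs).upper().startswith("CN=USERS,"):
        out.append("AD: searches are scoped under the built-in Users container; "
                   "accounts in other OUs are invisible to the provider")
    return out


def check_ldap_provider(add):
    out = []
    if add.get("useSSL", "").lower() == "true" and add.get("port") == "389":
        out.append("LDAP: useSSL=true on port 389; LDAPS normally listens on 636")
    if "group" in add.get("userFilter", "").lower():
        out.append("LDAP: userFilter also matches group objects; a membership "
                   "provider filter should match user objects only")
    return out


def lint(config_xml):
    """Return a list of findings for one web.config fragment."""
    root = ET.fromstring(config_xml)
    findings = []
    conns = {a.get("name"): a.get("connectionString")
             for a in root.iter("add") if a.get("connectionString") is not None}
    for membership in root.iter("membership"):
        if membership.get("defaultProvider") is None:
            findings.append("membership: no defaultProvider, so the login control uses "
                            "AspNetSqlMembershipProvider from machine.config instead")
    for add in root.iter("add"):
        ptype = add.get("type", "")
        if "ActiveDirectoryMembershipProvider" in ptype:
            findings += check_ad_provider(add, conns)
        elif "LDAPMembershipProvider" in ptype:
            findings += check_ldap_provider(add)
    return findings


def cross_check(ad_xml, ldap_xml):
    """Flag the two providers searching different parts of the directory."""
    ad_cs = next(a.get("connectionString") for a in ET.fromstring(ad_xml).iter("add")
                 if a.get("connectionString"))
    ldap_add = next(a for a in ET.fromstring(ldap_xml).iter("add")
                    if "LDAPMembershipProvider" in a.get("type", ""))
    ad_dn, ldap_dn = container_dn(ad_cs).upper(), ldap_add.get("userContainer", "").upper()
    return [] if ad_dn == ldap_dn else [
        "containers differ: AD provider searches %s, LDAP provider searches %s" % (ad_dn, ldap_dn)]
```

Run `lint(AD_CONFIG)`, `lint(LDAP_CONFIG)` and `cross_check(AD_CONFIG, LDAP_CONFIG)` and act on each finding in turn: point the AD connection string at an object whose subtree actually contains the accounts, decide whether logins will be UPNs or sAMAccountNames and set attributeMapUsername to match, use port 636 when useSSL is on, and encrypt the membership section so the service-account password is not readable by anyone who can open web.config.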