Help
Hi there, I've got the following problem in OWA.
The user goes to http://www.server.com/exchange/ and then gets Windows Challenge Response for UserName & Pass (not the owa login screen - Problem 1) then it authenticates and takes the user to his mailbox no problem, but when this user John goes and change the http://www.server.com/exchange/john to another user paul" rel="nofollow" target="_blank">http://www.server.com/exchange/paul he can then send/receive as that user without re-authentication? The users got plain and simply Domain User/User rights and that's it? (Problem 2)
Any ideas?
Thanks
Page 1 of 1
OWA - Authentication Problems
#2
theefool 
- enthusiast
- Group: Members
- Posts: 352
- Joined: 28-March 03
Posted 01 March 2005 - 05:02 PM
Ideas....
Sounds like a permissions issue to me. Can your users access each other's email by changing their settings within outlook? If so, that might be the answer.
But, still sounds like permissions.....
Sounds like a permissions issue to me. Can your users access each other's email by changing their settings within outlook? If so, that might be the answer.
But, still sounds like permissions.....
#4
theefool
- enthusiast
- Group: Members
- Posts: 352
- Joined: 28-March 03
Posted 01 March 2005 - 06:24 PM
Do you do this by design? Just curious. Since this is a security risk. If not, restrict their ability to do this in Exchange itself. I'd love to be more detailed on how to do this, but unfortunately, I do not have exchange running here.
Anyway, since you said that you can easily change that in oulook, then they also have permission to do this in OWA. So, restrict their access in Exchange itself. I may be repeating myself, but, now I know this is an Exchange issue. Perhaps removing John and Paul from the Exchange admins group could help. Unless they are admins.
Hope this helps...if not, then I'll see if I can point you in the right direction.
Anyway, since you said that you can easily change that in oulook, then they also have permission to do this in OWA. So, restrict their access in Exchange itself. I may be repeating myself, but, now I know this is an Exchange issue. Perhaps removing John and Paul from the Exchange admins group could help. Unless they are admins.
Hope this helps...if not, then I'll see if I can point you in the right direction.
#6
theefool
- enthusiast
- Group: Members
- Posts: 352
- Joined: 28-March 03
Posted 01 March 2005 - 10:03 PM
That should be it. Log off, log back on as a user. CHeck to see if said user can access other user's email. If can't, try online.
Once again, this is just from the top of my head, last time I used exchange 2 years ago. If I remember correctly, you need to change the top level exchange tree for permissions. Ugh, to many years....
Once again, this is just from the top of my head, last time I used exchange 2 years ago. If I remember correctly, you need to change the top level exchange tree for permissions. Ugh, to many years....
#8
francoisp
- stranger
- Group: Members
- Posts: 8
- Joined: 01-March 05
Posted 02 March 2005 - 06:41 AM
The problem was on the Forms Based Authentication, set to HIGH, I have disabled that and changed the permissions on the TOP level, restarted exhange and seems to be working now, Thx a lot, PS.. the users did not have the same password.
#9
Shakedown
- journeyman
- Group: Members
- Posts: 91
- Joined: 19-April 01
Posted 02 March 2005 - 03:22 PM
For a great deal of Exchange information check out this site -> http://www.msexchange.org/
Share this topic:
Page 1 of 1