Jump to content


Photo

OWA - Authentication Problems


  • Please log in to reply
9 replies to this topic

#1 francoisp

francoisp

    stranger

  • Members
  • 8 posts

Posted 01 March 2005 - 04:38 PM

Hi there, I've got the following problem in OWA.

The user goes to http://www.server.com/exchange/ and then gets Windows Challenge Response for UserName & Pass (not the owa login screen - Problem 1) then it authenticates and takes the user to his mailbox no problem, but when this user John goes and change the http://www.server.com/exchange/john to another user paul" rel="nofollow" target="_blank">http://www.server.com/exchange/paul he can then send/receive as that user without re-authentication? The users got plain and simply Domain User/User rights and that's it? (Problem 2)

Any ideas?

Thanks


#2 theefool

theefool

    enthusiast

  • Members
  • 352 posts

Posted 01 March 2005 - 05:02 PM

Ideas....

Sounds like a permissions issue to me. Can your users access each other's email by changing their settings within outlook? If so, that might be the answer.

But, still sounds like permissions.....

#3 francoisp

francoisp

    stranger

  • Members
  • 8 posts

Posted 01 March 2005 - 06:16 PM

Yes they can, if I log on as John and change Outlook Exchange box to Paul voila !

What now!?

#4 theefool

theefool

    enthusiast

  • Members
  • 352 posts

Posted 01 March 2005 - 06:24 PM

Do you do this by design? Just curious. Since this is a security risk. If not, restrict their ability to do this in Exchange itself. I'd love to be more detailed on how to do this, but unfortunately, I do not have exchange running here.

Anyway, since you said that you can easily change that in oulook, then they also have permission to do this in OWA. So, restrict their access in Exchange itself. I may be repeating myself, but, now I know this is an Exchange issue. Perhaps removing John and Paul from the Exchange admins group could help. Unless they are admins.

Hope this helps...if not, then I'll see if I can point you in the right direction.

#5 francoisp

francoisp

    stranger

  • Members
  • 8 posts

Posted 01 March 2005 - 08:36 PM

Okay, the users are not part of the admins group at all. Domain Users \ User, In exchange Everyone has send/receive prevlidges and that it?

#6 theefool

theefool

    enthusiast

  • Members
  • 352 posts

Posted 01 March 2005 - 10:03 PM

That should be it. Log off, log back on as a user. CHeck to see if said user can access other user's email. If can't, try online.

Once again, this is just from the top of my head, last time I used exchange 2 years ago. If I remember correctly, you need to change the top level exchange tree for permissions. Ugh, to many years....

#7 theefool

theefool

    enthusiast

  • Members
  • 352 posts

Posted 01 March 2005 - 10:13 PM

In addition. Do the users have the same password? Also, do you have local caching disabled, and save password disabled?

#8 francoisp

francoisp

    stranger

  • Members
  • 8 posts

Posted 02 March 2005 - 06:41 AM

The problem was on the Forms Based Authentication, set to HIGH, I have disabled that and changed the permissions on the TOP level, restarted exhange and seems to be working now, Thx a lot, PS.. the users did not have the same password.

#9 Shakedown

Shakedown

    journeyman

  • Members
  • 91 posts

Posted 02 March 2005 - 03:22 PM

For a great deal of Exchange information check out this site -> http://www.msexchange.org/

#10 theefool

theefool

    enthusiast

  • Members
  • 352 posts

Posted 02 March 2005 - 04:43 PM

Glad I could help. Like my pitiful excuse was before, its been awhile since I last used Exchange. I'm happy that I could point you in the right direction.

Yes, the m[censored]change.org is a nice site.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

IPB Skin By Virteq