Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

External Users Not Able to Login

  Asked By: Roxanne    Date: Jun 12    Category: Sharepoint    Views: 2322

I have WSS v3 set up on my box. I have created local user accounts for
external users. When they browse to the site in IE, they are prompted
for a username and password. However, when they try to login, they
cannot and after 3 attempts (due to security policies) their accounts
get locked out.

User accounts are set so that passwords never expire and they *do not*
have to change their passwords at login. They were added to the sites
as Members and Visitors. Neither group can seem to log in.

IIS is set up to allow anonymous access, Windows Authentication and
Basic Authentication.



8 Answers Found

Answer #1    Answered By: Elisha Abbott     Answered On: Jun 12

Microsoft does not support all three authentications at the same
Are these users  vpning in or is this just exposed to the internet.

if this is a domain I dont think the local  accounts will work.

Answer #2    Answered By: Naimish Ranganekar     Answered On: Jun 12

What it will not support is Windows Auth and Forms/SSO on the same Web

If you pass IIS credentials in Kerberos, it will use those first, then
NTLM, and down the line...

1. The three attempts is almost always IE failing, not AD (yes, IE
has the same 3 attempts and fail). You can verify this by looking in AD
and seeing if their accounts  are locked  (usually not)

2. Did you try adding the Web application URL in question to the
Trusted Sites Zone in IE, and then set  on the Trusted Zone 'Automatic
logon with current user  name and password'?

3. If you are using Kerberos, then the client and server must see
the KDC. In addition, the clocks cannot be more than 5 minutes apart

4. If you are using NTLM, be aware that it is connection-based and
some proxies, firewalls, etc. break the connection and NTLM fails

5. Did you enable anonymous  at the Web application, Site
Collection, and List levels?

6. Remember, if this is non-SSL, that basic is sent in clear-text
and easily hacked

7. AND, you are making these changes from Central Admin,
Application Management, Authentication Providers?

(note, to enable NTLM and Kerberos for the same Web app, you must do so
using adsutil on every WFE Server in the farm)

Answer #3    Answered By: Caleb Gordon     Answered On: Jun 12

Via the Central Admin, I am currently set  up to use NTLM authentication.
Anonymous access  is set at the web application, and site  collection
level. It is, however, not set at the site level, due  to the fact that I
want only authenticated users  being able to access the site.

I only have one box  is the only box in the farm.

I will have the external  users try using Trusted Zone 'Automatic logon
with current user  name and password' next.

Answer #4    Answered By: Christie Carlson     Answered On: Jun 12

Local accounts  will work and you can use all three authentications at once.
Anonymous could cause an issue, but since you say they are getting prompted
to login  I don't think that's the problem. I suspect the problem is that
SharePoint is expecting the username  login to be in the form of
Domain\userid. If you are just typing in the userid it normally won't work.
Especially if that userid also exists in the domain. Try logging in using
the form of Computername\userid for the local  accounts. That may solve your

Answer #5    Answered By: Dorothy Farmer     Answered On: Jun 12

I forgot to add that local  accounts will only work in a single server
environment. If you have a server farm then you need domain level accounts.

Answer #6    Answered By: Jacklyn Burnett     Answered On: Jun 12

That's why you can't replicate the users

But what if you set  the default domain name to be the local  machine name in iis
for each web app on each machine ?

Answer #7    Answered By: Breann Beach     Answered On: Jun 12

Can't you set  up the same username  / password  pair on each web front end ?

A complete pain I knoq but surely a possibility ?

Answer #8    Answered By: Timothy Hall     Answered On: Jun 12

I don't think that will work because SharePoint actually tracks users  with
SIDs. Two identical users on two machines will have different SIDs.

Didn't find what you were looking for? Find more on External Users Not Able to Login Or get search suggestion and latest updates.