1. Welcome! Please take a few seconds to create your free account to post threads, make some friends, remove a few ads while surfing and much more. ClutchFans has been bringing fans together to talk Houston Sports since 1996. Join us!

[work help] experts exchange or SharePoint/AD/external members help?

Discussion in 'BBS Hangout' started by flipmode, Nov 16, 2007.

Tags:
  1. flipmode

    flipmode Member

    Joined:
    Jul 9, 2003
    Messages:
    876
    Likes Received:
    65
    Hey gang, I'm new on the consulting scene, doing enterprise apps implementations. I'm needing help at a client, where basically the issue is:

    http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_22111279.html

    We have a SharePoint Portal Server 2003 implementation in an Active Directory (AD) forest that needs to be accessed by users and customers outside of that forest. These users are from multiple other AD forests. No AD trusts will be established. How can these users and customers access the SPS 2003 portal without being anonymous?

    *** except, we're running 2007 instead of 2003.

    if you have an experts exchange pw, or if you know how to do this, i'd really appreciate it! i'll be a new analyst rockstar, thanks to you guys. :)
     
    #1 flipmode, Nov 16, 2007
  2. Harrisment

    Harrisment Member

    Joined:
    Jun 20, 2001
    Messages:
    15,392
    Likes Received:
    2,158
    I have an experts exchange account. Here are the assisted and accepted solutions:
    =================================================
    dev-ex:
    For granting access to users from other AD domain, you need to setup trust as SPS2003 depends on Windows authentication for Sharepoint access.

    Since you dont want to setup trust, you could have Sharepoint 2007 server and use other authentication methods like form-based authentication. Its not possible with SPS 2003.




    boomer4d:
    Your external users will have to have AD accounts in order to access your SPS2003 instance. Without smartcards you could have created user accounts on the local server (Not the best practice by any means but a work around just the same). However, smartcards take that option out of the equation.

    If your smartcard setup is anything like ours you're using an OCSP client to handle authentication to your DC and client certificate mapping has been enabled on IIS on your server. Without the ability to establish a trust relationship with other domains you are limited to only those accounts that can authenticate to your DC/domain.

    As dev-ex pointed out, MOSS2007 has authentication flexibility that SPS2003 just doesn't have. In MOSS you can authenticate to a database that has your external users smartcard info stored in, LDAP, forms based etc... It'd probably be worth looking at if your customer is set on allowing that external access.
     
    #2 Harrisment, Nov 16, 2007
(You must log in or sign up to post here.)

Share This Page