Hello,
I have an exchange 2003 sp1 server on w2k3 (domain in mixed mode).
I would like to filter owa access not only by user name but also by IP access.
Is this possible?
The basic need for this is because I would like to grant access to everyone of the company from inside the company lan itself, but granting access from the internet only to specific users.
Furthermore, I have the users able to change their password from inside owa, but not from inside outlook 2003.
I think this is caused by logon domain being a samba 3 domain, while exchange domain is another one. When trying to change password from outlook 2003, I receive this error message (translated from Italian):
"Impossible to change the password for the NT domain. An action didn't succeed for not specified reasons"
It seems it expects logon and mail domain to be the same one...
So there is a double benefit I get if able to allow access to owa from inside the lan:
- the users are able to change their logon password from windows (they are receiving notification some days before samba password expiration while logging on)
- in the mean time they would change also their mail password from owa, setting it eventually to the same one
- password duration and history are equal on samba and w2k3 domains
- particular users would be able to access their e-mail from owa, connected to ta company pc with another user credentials (our particular needs)
Thanks in advance for your help, eventually giving me directions on how to correct outlook 2003 error...
Gianluca
PS: I'm also investigating possibility to set mail password from samba server as a step in windows password modification, but the ldapmodify command fails when I try to set the Unicode password... but this would be a miracle. Probably it prevents the command due to not being inside the domain..?
the command issued from samba server is:
ldapmodify -r -v -D "CN=Gianluca Cecchi,cn=users,DC=mail_domain,DC=local" -H ldaps://mail_server -U gcecchi -Y DIGEST-MD5 -f ldap_gcecchi_modify.txt
ldap_initialize( ldaps://mail_server )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials
additional info: 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
and the ldap_gcecchi_modify.txt file contains
dn: CN=Gianluca Cecchi,CN=Users,DC=pmail_domain,DC=local
changetype: modify
replace: unicodePwd
unicodePwd::IgBmAHkAZgBmAGUAcwBfADIAMAAwADYAIgA=
-
I have an exchange 2003 sp1 server on w2k3 (domain in mixed mode).
I would like to filter owa access not only by user name but also by IP access.
Is this possible?
The basic need for this is because I would like to grant access to everyone of the company from inside the company lan itself, but granting access from the internet only to specific users.
Furthermore, I have the users able to change their password from inside owa, but not from inside outlook 2003.
I think this is caused by logon domain being a samba 3 domain, while exchange domain is another one. When trying to change password from outlook 2003, I receive this error message (translated from Italian):
"Impossible to change the password for the NT domain. An action didn't succeed for not specified reasons"
It seems it expects logon and mail domain to be the same one...
So there is a double benefit I get if able to allow access to owa from inside the lan:
- the users are able to change their logon password from windows (they are receiving notification some days before samba password expiration while logging on)
- in the mean time they would change also their mail password from owa, setting it eventually to the same one
- password duration and history are equal on samba and w2k3 domains
- particular users would be able to access their e-mail from owa, connected to ta company pc with another user credentials (our particular needs)
Thanks in advance for your help, eventually giving me directions on how to correct outlook 2003 error...
Gianluca
PS: I'm also investigating possibility to set mail password from samba server as a step in windows password modification, but the ldapmodify command fails when I try to set the Unicode password... but this would be a miracle. Probably it prevents the command due to not being inside the domain..?
the command issued from samba server is:
ldapmodify -r -v -D "CN=Gianluca Cecchi,cn=users,DC=mail_domain,DC=local" -H ldaps://mail_server -U gcecchi -Y DIGEST-MD5 -f ldap_gcecchi_modify.txt
ldap_initialize( ldaps://mail_server )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials
additional info: 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
and the ldap_gcecchi_modify.txt file contains
dn: CN=Gianluca Cecchi,CN=Users,DC=pmail_domain,DC=local
changetype: modify
replace: unicodePwd
unicodePwd::IgBmAHkAZgBmAGUAcwBfADIAMAAwADYAIgA=
-
