Windows Server

LeoD · Guest

-- Reposted as not posted correctly to get a Microsoft MSDN Subscription
Managed Newsgroup Response ---

I have the following set up.

A SPS portal site (INTRANET) running with authenticated access (in IIS)
providing access to intranet users.

An anonymous version of that site (PUBLIC), running as a separate IIS
virtual server and extented (via WSS admin screens) to point to the intranet
site. This virtual server has anonymous access enabled via IIS and 'Area,
Content and search' selected via SPS

This set up works as I want and PUBLIC essentially provides a read only view
of the content on INTRANET

We have some content that we need to keep on a fileshare for now. Therefore
were are exposing this on INTRANET via search. I have added the fileshare
\\INTRANET\Share as a content source to non-portal content. I want to deliver
the file via http so I have set up a virtual directory pointing to the share
and set up a mapping from the share name to the url. On INTRANET I am able to
search for documents on the file share and my users security credentials
control the search results.

On the server PUBLIC I am able to use search to find documents stored in the
portal, but file share results do no appear. I have give IUSR_xxxx read
permission to parts of the file share I want to expose to the public.

Can I achieve what I am doing with search and an anonymous SPS site? If so
what additional steps do I need to take?

Regards

Leo

Wei-Dong XU [MSFT] · Guest

Hi Leo,

SPS uses the account permission to validate the research result. If the
logon account doesn't have the permission, the result item will not be
displayed. At your scenario:
For the intranet, the content in the file share should be open to all the
intranet accounts.
For the extranet, the anonymous account should not have the permission, so
these content will not appear at the last result.

Though you have set the IUSR_XXX account at the file share. However, the
IUSR_XXX account belongs to the public server. The file share may not be
located at the same box of the public server. So this setting will not give
the access permission of anonymous visitors in public server. Then at the
search result, these results are not listed.

For the troubleshooting, I'd suggest you could check the file share
permission setting:
1. The Shared permission to grant everyone FULLControl
2. at the NTFS permission control to grant everyone FullControl
3. at the virtual server setting, use the anonymous authentication method

Then test whether the result could be listed.

Look forward to your update!

Best Regards,
Wei-Dong XU
Microsoft Product Support Services
This posting is provided "AS IS" with no warranties, and confers no rights.
It is my pleasure to be of assistance.

LeoD · Guest

Thanks for the response. I tried what you suggested by granting full control
to trouble shoot but am still experiencing the same search result via the
extranet

"No results were found that match your query. Please consider the following:
Is your query spelled correctly? "

A bit more info that may be useful to you.

[1] The file share is on the same server but I use a UNC to it.
[2] intranet.foo.com/share and extranet.foo.com/share exist as virtual
directories to \\servername\share
[3] I have a server mapping from \\servername\share to
intranet.foo.com/share and have tried creating a second for the extranet but
you are only allowed one per share. I therefore assume that my alternate
portal access setting for intranet -> extranet is ok here.

From your reply I think you are implying that this is a configuration issue
and I should be able to set up SPS to allow anon users to search a file share?

Regards

Leo

Wei-Dong XU [MSFT] · Guest

Hi Leo,

At the portal indexing, each found content will also be validated to see
whether the logon user has the permission to visit them. So we will need to
grant Everyone permission to the Share permission and NTFS permission.
Since it still hides from the result, please check whether the virtual
folder accpepts the anonymous access.

"... a configuration issue ... allow anon users to search a file share"
This is really one configuration issue and there should be no limitation
here. If permission is set well, the share should be listed successfully.

For troubleshooting, I'd like to know how you put the file share in the
portal, in one linkes list or any other way? If you put the links in the
links list, please also check whether the link list accepts the anonymous
access.

Please feel free to let me know if you have any further question on this
matter.

Best Regards,
Wei-Dong XU
Microsoft Product Support Services
This posting is provided "AS IS" with no warranties, and confers no rights.
It is my pleasure to be of assistance.

LeoD · Guest

Hi Wei-Dong,

I've come back to this problem after a few days and am still having no luck.

I have now set up 2 shares.

Share1 - has the share permissions set to everyone full and security set to
everyone full. This share is included in nonportalcontent and indexed that
way.

Share2 - has the share permissions set to everyone full and security set to
everyone full. This share has its own content index.

In answer to your last question, both shares are added to the relevant
content index using a content source.

The extranet and intranet sites both have virtual directories pointing to
the shares which allow anon users access.

With all of the above set to anon or everyone I don't know if you can open
things up anymore?

Only other thing I can think of to say that it is all running on a Virtual
PC at the moment. (I have had similar experience in a real environment).

If you can suggested any tools or log files to help investigate I'd
appreciate it.

Regards

Leo

Wei-Dong XU [MSFT] · Guest

Hi Leo,

For the troubleshooting log of content indexing, I think the gatherer log
is the only one for us to locate the problem.

Currently I have four suggestions for you regarding this issue:
"both shares are added to the relevant content index using a content
source."
1. please add the virtual server of the file share to the content source.
This way, we could index the content at this virtual server (though it is
the same to the one in the file share). The users from the extranet should
view them at the result.

The http url is the accessible path for extranet users, the file:// path is
for the usage at intranet. So we will need to add one more content source
to the same file share.

2. please configure the content index(the file share is added into)
property to enable the log options below:
a.Log each document successfully retrieved and any indexing warnings.
b.Log each document excluded from this content index
Then the gatherer log of that content index will keep the what has been
found in the in the file shares with any error.

3. check the content index rule to permit all the file under the file
share, for example:
file://<machine name>/folder/*.*
and
http://<url>/virtual Server path/*.*

4. set one account for the rule above. This is to say, we use this account
to index the content at the file share.

Please feel free to let me know if you have any further question on this
matter.

Best Regards,
Wei-Dong XU
Microsoft Product Support Services
This posting is provided "AS IS" with no warranties, and confers no rights.
It is my pleasure to be of assistance.

Wei-Dong XU [MSFT] · Guest

Hi Leo,

I am wondering if my previous response helps. If you need further
assistance on this issue, please let me know.

Best Regards,
Wei-Dong XU
Microsoft Product Support Services
This posting is provided "AS IS" with no warranties, and confers no rights.
It is my pleasure to be of assistance.

LeoD · Guest

Wei-Dong,

Thank you for checking back, I have been investigating the options you have
suggested.

With regard to option [1] about indexing the files via HTTP that works if
all files are anonymous. But we actually wanted to restrict some
files/sub-folders to certain users. I have found that I can use NTFS
permissions to challenge the anon visitor. However this check only occurs
when the link is clicked to get the file. The anon user is able to see that a
file exists and gets a summary of the content in the search results.

I have spent some time looking at [2] and altering exclusions and inclusions
for [3]. I can see the files are being indexed. But I knew that anyway as
they appear in the Intranet search results?

So to summaries I have made no progress. I have therefore been trying to
simplify the problem. I have therefore done the following.

[1] Created a new portal site.
[2] Added a couple of docs to a doc library and indexed a file share (set up
for everyone browse and everyone security) as a content source
[3] Configured SharePoint to allow anon user rights for content and search

With NTLM authentication on I can search for a word and find results in the
doc lib and share. I then alter IIS to be anon only, and do an IIS reset. Now
when I do the same search the file share and doc lib results are missing.

I then go back (back to auth, change setting then back to anon) and add
IUSR_xxx to the reader role. After that the doc lib results appear but the
file share ones still don't

This seems simpler as there are no server mappings and two sites involved.

Regards

Leo

Search fileshare when the SPS portal site allows anonymous u

	Windows Server Forum Index -> Portal Server Development	All times are GMT
Page 1 of 1