Bug #1573
closedlighttpd mod proxy in front of IIS with Integrated Windows Authentication
Description
Hi,
I'm trying to set up Lighy as load balancer in front of 2 IIS webservers. It works fine for anonymous acces, but it fails with "Windows Integrated Authentication". Problem is that it browser asks for username + password, but they don't work.
I'm running the precompiled Windows vers 1.4.18.1. Tried to manually add some headers, but it doesn't help.
Any advice ?
proxy.balance = "hash"
proxy.debug = 1
proxy.server = ( "" => ( ( "host" => "192.168.2.1", "port" => 81) ,
( "host" => "192.168.2.2", "port" => 81) ) )
setenv.add-request-header = (
#"WWW-Authenticate" => "Negotiate"
"WWW-Authenticate" => "NTLM"
)
setenv.add-response-header = (
#"WWW-Authenticate" => "Negotiate"
"WWW-Authenticate" => "NTLM"
)
-Alex
-- alxtoth a_t users . sourceforge.net
Updated by stbuehler over 16 years ago
- Status changed from New to Fixed
- Resolution set to invalid
"Windows Integrated Authentication".. unless you can show that it is a lighttpd bug (i.e. we did something wrong), i don't think we care.
To show that lighty has a bug you probably need to show us some headers (browser <-> lighty <-> iis); just reopen the ticket in that case; the setenv module shouldn't be needed for this.
Updated by Anonymous over 16 years ago
- Status changed from Fixed to Need Feedback
- Resolution deleted (
invalid)
Integrated windows authentication will not work on because only the first letter from the user name will be passed to the webserver. Also the http version will change but i don't know if it has anything to do with the authentication failure.
I am using lighttpd 1.4.19-4.fc8
Example
IE7.0 -> lighttpd proxy
Request version: HTTP/1.1
User name: user@mydomain.com
host name: test
lighttpd proxy -> iis6.0
Request version: HTTP/1.0
User name: u
host name: t
X-Forwarded-For: x.x.x.x
X-Host: host.mydomain.com
X-Forwarded-Proto: http
Updated by stbuehler over 16 years ago
- Status changed from Need Feedback to Fixed
- Resolution set to invalid
"host name: test" is not a http header, neither is "User name: user@..."
i just tried with basic authentication: lighty does not modify the authorization header from the client (and i doubt lighty changes other auth related headers).
as you thought you are extra important, i just think this is still invalid.
Updated by aderouineau about 14 years ago
- Status changed from Invalid to Reopened
- Target version changed from 1.5.0 to 1.4.x
It seems I am having the same problem: I set up a proxy to a Sharepoint server and it does not accept my credentials through lighttpd.
Updated by stbuehler about 14 years ago
- Status changed from Reopened to Missing Feedback
- Priority changed from High to Low
- Target version deleted (
1.4.x) - Missing in 1.5.x set to No
Windws, no details, don't care.
Also available in: Atom