Project

General

Profile

Actions
Copy link

Bug #1573

closed

lighttpd mod proxy in front of IIS with Integrated Windows Authentication

Added by Anonymous about 16 years ago. Updated about 13 years ago.

Status:
Missing Feedback
Priority:
Low
Category:
mod_proxy
Target version:
-
ASK QUESTIONS IN Forums:

Description

Hi,

I'm trying to set up Lighy as load balancer in front of 2 IIS webservers. It works fine for anonymous acces, but it fails with "Windows Integrated Authentication". Problem is that it browser asks for username + password, but they don't work.

I'm running the precompiled Windows vers 1.4.18.1. Tried to manually add some headers, but it doesn't help.

Any advice ?

proxy.balance = "hash"
proxy.debug = 1
proxy.server = ( "" => ( ( "host" => "192.168.2.1", "port" => 81) ,
( "host" => "192.168.2.2", "port" => 81) ) )

setenv.add-request-header = (
#"WWW-Authenticate" => "Negotiate"
"WWW-Authenticate" => "NTLM"
)

setenv.add-response-header = (
#"WWW-Authenticate" => "Negotiate"
"WWW-Authenticate" => "NTLM"
)

-Alex

-- alxtoth a_t users . sourceforge.net

Actions
Copy link
 #1

Updated by stbuehler over 15 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

"Windows Integrated Authentication".. unless you can show that it is a lighttpd bug (i.e. we did something wrong), i don't think we care.

To show that lighty has a bug you probably need to show us some headers (browser <-> lighty <-> iis); just reopen the ticket in that case; the setenv module shouldn't be needed for this.

Actions
Copy link
 #2

Updated by Anonymous over 15 years ago

  • Status changed from Fixed to Need Feedback
  • Resolution deleted (invalid)

Integrated windows authentication will not work on because only the first letter from the user name will be passed to the webserver. Also the http version will change but i don't know if it has anything to do with the authentication failure.

I am using lighttpd 1.4.19-4.fc8

Example

IE7.0 -> lighttpd proxy

Request version: HTTP/1.1
User name: 
host name: test

lighttpd proxy -> iis6.0

Request version: HTTP/1.0
User name: u
host name: t
X-Forwarded-For: x.x.x.x
X-Host: host.mydomain.com
X-Forwarded-Proto: http
Actions
Copy link
 #3

Updated by stbuehler over 15 years ago

  • Status changed from Need Feedback to Fixed
  • Resolution set to invalid

"host name: test" is not a http header, neither is "User name: user@..."

i just tried with basic authentication: lighty does not modify the authorization header from the client (and i doubt lighty changes other auth related headers).

as you thought you are extra important, i just think this is still invalid.

Actions
Copy link
 #4

Updated by stbuehler over 15 years ago

  • Status changed from Fixed to Invalid
Actions
Copy link
 #5

Updated by aderouineau about 13 years ago

  • Status changed from Invalid to Reopened
  • Target version changed from 1.5.0 to 1.4.x

It seems I am having the same problem: I set up a proxy to a Sharepoint server and it does not accept my credentials through lighttpd.

Actions
Copy link
 #6

Updated by stbuehler about 13 years ago

  • Status changed from Reopened to Missing Feedback
  • Priority changed from High to Low
  • Target version deleted (1.4.x)
  • Missing in 1.5.x set to No

Windws, no details, don't care.

Actions
Copy link

Also available in: Atom