Can I get HaProxy to forward windows auth credentials onto IIS? I have searched for a day and cannot find much information out there.
Asked
Active
Viewed 8,072 times
3
-
How is the authentication captured by the webserver? HTTP Basic Auth? – Kyle Smith Apr 02 '12 at 12:02
-
Hey @Kyle, At the moment just windows authentication is turned on, not basic. – redsquare Apr 02 '12 at 12:18
2 Answers
2
What do you mean by "windows authentication" ? Is it NTLM auth over HTTP ? It's not very clear from your question. If it's NTLM auth, you need haproxy to work in tunnel mode because NTLM auth is not HTTP-compliant and authenticates the connection instead of the request. So you want haproxy to forward all traffic from the same connection to the same server. Using NTLM auth over proxies is dangerous BTW because you never know if proxies will multiplex connections or not, which could result in having multiple users browsing with the same account (haproxy does not do this right now).
Willy Tarreau
- 3,896
- 1
- 20
- 12
-
well Integrated Windows authentication, formerly called NTLM. Thanks for the pointer on tunnel mode, not come across this but will check the docs. – redsquare Apr 09 '12 at 17:19
-1
I ran into this problem. HAProxy by default runs with option http-tunnel unless you specify something like option httpclose. I was trying something like this:
defaults
option httpclose
...
backend http
no option httpclose
server devweb01 10.10.10.10:80 check
But this did not work. When I removed option httpclose from the defaults section, it worked. I also tried adding option http-tunnel inside my backend but this had no effect.
Aaron D
- 129
- 4