> Sorry, I haven't read the whole thread, but a basic question : > In the tomcat AJP Connector configuration, is "tomcatAuthentication" set to > "no" ?
tomcatAuthentication is disabled (see configuration below) <Connector port="8009" tomcatAuthentication="false" protocol="AJP/1.3" redirectPort="8443" /> The same Tomcat instance with an IIS 6.1 as a reverse proxy works fine. Thanks, Paolo Il giorno gio 15 lug 2021 alle ore 15:29 André Warnier (tomcat/perl) <a...@ice-sa.com> ha scritto: > > Sorry, I haven't read the whole thread, but a basic question : > In the tomcat AJP Connector configuration, is "tomcatAuthentication" set to > "no" ? > https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Common_Attributes > > On 13.07.2021 17:35, Paolo Clerici wrote: > >> I don't see any ISAPI redirector set up there. I was expecting to see > >> something like the steps described here: > >> http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html > > Yes, if I have not missed something, I think I have done everything > > that is written in the document. > > The only differences are that there are two sites "prod" and "test" so > > the only differences for "test" are: > > 1) Dll folder: C:\Apache Software Foundation\Jakarta Isapi > > Redirector\test\bin > > 2) ISAPI filter name: "Jakarta Connector test" (not "tomcat") > > > > isapi_redirect.properties file content: > > extension_uri=/jakarta/isapi_redirect.dll > > log_file=C:\Apache Software Foundation\Jakarta Isapi > > Redirector\test\log\mod_jk.log > > log_level=warn > > worker_file=C:\Apache Software Foundation\Jakarta Isapi > > Redirector\test\conf\workers.properties > > worker_mount_file=C:\Apache Software Foundation\Jakarta Isapi > > Redirector\test\conf\uriworkermap.properties > > > > workers.properties file content: > > worker.list=dgroupnex02,dgroupnex01 > > worker.dgroupnex02.type=ajp13 > > worker.dgroupnex02.host=10.1.2.93 > > worker.dgroupnex02.port=8009 > > worker.dgroupnex01.type=ajp13 > > worker.dgroupnex01.host=10.1.2.39 > > worker.dgroupnex01.port=8009 > > > > uriworkermap.properties file content: > > /S2W/*=dgroupnex02 > > /s2wweb/*=dgroupnex01 > > /websat/*=dgroupnex02 > > > > I would like to tell you that ISAPI redirection of all virtual folders > > works perfectly. The only thing that doesn't work is sending the > > authorization type and user from IIS to Tomcat. > > The only application that needs this functionality is "s2wweb". > > > > Thanks, > > Paolo > > > > > > > > > > > > > > > > > > > > Il giorno mar 13 lug 2021 alle ore 14:44 Mark Thomas > > <ma...@apache.org> ha scritto: > >> > >> On 13/07/2021 12:29, Paolo Clerici wrote: > >>> Hi Mark, > >>> > >>>> How did you set up the s2wweb virtual directory? > >>> Physical Path: C:\Apache Software Foundation\virtual\test\s2wweb > >>> Physical Path Credential: blank > >>> Physical Path Credential Logon Type: Clear Text > >>> Virtual Path: /s2wweb > >>> Pass-through authentication: / Connect As: / Path credentials: > >>> Application user (pass-through authentication) > >> > >> I don't see any ISAPI redirector set up there. I was expecting to see > >> something like the steps described here: > >> > >> http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html > >> > >> Mark > >> > >> > >>> > >>> Thanks, > >>> Paolo > >>> Il giorno mar 13 lug 2021 alle ore 10:27 Mark Thomas > >>> <ma...@apache.org> ha scritto: > >>>> > >>>> On 13/07/2021 08:49, Paolo Clerici wrote: > >>>>> Hi Mark, > >>>>> > >>>>>> Are you connecting from a machine that isn't part of the Windows AD? > >>>>> I have tried both from PCs connected to AD and from PCs not connected > >>>>> to AD. > >>>>> > >>>>>> Normally, I'd expect authentication to work without any password > >>>>>> prompt. > >>>>> If I connect from PC AD I am not asked for credentials (correct). If I > >>>>> connect from a non-AD PC I am prompted for credentials (correctly). > >>>>> The credential check is done correctly by IIS. > >>>>> > >>>>>> Are any other authentication mechanisms enabled? > >>>>> For virtual directory "s2wweb" only "Windows Authentication" is > >>>>> enabled ("Anonymous Authentication" is disabled). For site "test" is > >>>>> enabled "Anonymous Authentication". > >>>>> > >>>>>> Are your two test machines (working and not working) connecting to the > >>>>>> same Tomcat instance (and on the same port)? > >>>>> Yes. > >>>>> Current IIS server needs to be migrated to a new IIS server. The > >>>>> current server (Windows Server 2008 R2 with IIS 6.1) is connected to > >>>>> the same Tomcat server (another Windows Server 2008 R2 with Tomcat > >>>>> 7.0) on the same port (8009). > >>>> > >>>> Again, testing a similar setup locally works as expected. The > >>>> authenticated Windows user name is passed to Tomcat. > >>>> > >>>> How did you set up the s2wweb virtual directory? > >>>> > >>>> Mark > >>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
