How to Windows auth working on nginx reverse proxy ???
Maxim Dounin
mdounin at mdounin.ru
Tue Feb 16 13:35:11 UTC 2016
Hello!
On Tue, Feb 16, 2016 at 03:37:01AM -0500, cehes wrote:
> we are now 4 years later, is there a solution now ?
> I read things like :
>
> ----------------------------------------
> upstream http_backend {
> server 1.1.1.1:80;
>
> keepalive 16;
> }
>
> server {
> ...
>
> location / {
> proxy_pass http://http_backend/;
> proxy_http_version 1.1;
> proxy_set_header Connection "";
> ...
> }
> }
>
> ----------------------------------------
>
> Is this the solution ?
> Somebody tried it ?
No, this is not expected to work - unless you are using the server
with exactly one user.
Proper support for Windows Authentication (aka NTLM) requires
connections to backend servers to be bound to particular
connections to clients, as NTLM authenticates connections, not
requests. By using common keepalive pool as in the configuration
above any authentication will basically authenticate arbitrary
clients who happen to use the authenticated connection from the
cache of keepalive connections to upstream servers.
Proper support for proxying NTLM authentication was recently
implemented in our commercial version, see
http://nginx.org/r/ntlm.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list