You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2022-10-18 08:54:22

Odisefs
Member
Registered: 2022-10-18
Posts: 7

Windows 2019 Server + IIS + LDAP Single Sign On Failure

Hi ,
I have the following problem in my companys internal network .
I have got  a Windows 2019 Server with MySQL 8.0 Php 8.0.24 and GLPI 10.0.3
On the network there is also a LDAP Server  used in the authentication on the users when they login into their computers.

I would like for them to be able to access the GLPI site on the windows server without having to enter each time their credentials.
So ...

In IIS :
  I have Disabled the Anonymous Authentication  and Enabled Windows Authentication as per the documentation .
I have checked the Windows Authentication Providers and I have NTLM and Negotiate

And in the GLPI Setup->Authentication-> Other means... I have selected Remote_User  and tried with both Yes  & NO in strip domain names.

And I  still cannot get into my GLPI site without having to provide a credential . I still get the user - password  dialog box .

Any Ideas ?

Offline

#2 2022-11-20 19:11:20

pierrottls
Member
Registered: 2020-02-12
Posts: 3

Re: Windows 2019 Server + IIS + LDAP Single Sign On Failure

Hello,

I have almost the same setup, IIS 10 with glpi 10.0.5 and PHP 7.4 and I cant make the sso works as well. I went thru all forum post, tried all method but none is working.
Can you let me know if you have found a way to fix it ?

THanks in advance.

Offline

#3 2022-11-21 12:43:17

Odisefs
Member
Registered: 2022-10-18
Posts: 7

Re: Windows 2019 Server + IIS + LDAP Single Sign On Failure

Yes ...
On the IIS ,go to the Basic Settings on the Site and Press Test Settings.

There you will see 2 tests "Authentication & "Authorization". If you click on the "Authorization" you will see on the Details Pane the Following :
"The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer name>$ has Read access to the physical path. Then test these settings again."

So make sure that the <domain>\<computer name>$ user has "Read & Execute" ,"List folder contents" and "Read" Access Rights on the folder that has the GLPI installation.

Try that and let me know...
After lot's of head scratching and head banging on the keyboard, that eventually worked for us ...

Last edited by Odisefs (2022-11-21 12:47:59)

Offline

Pages: 1

Board footer

Powered by FluxBB