Question about Windows Auth howto

["Nutter, Ronald" <Nu...@bv.com>]

I am looking at implementing AD authentication for Tomcat.  Being new to Tomcat, I am trying to check the information before setting this up.
The how to shows one part being done on the AD Domain controller and the other being done on the tomcat server.  This seems to infer that I would also need to install tomcat on the domain controller to perform the needed steps on the DC.  I would prefer not to do that unless there is no other choice.  Since the server that tomcat is running on is a member server in the domain, can I do the steps in the howto on the tomcat member server instead ?

http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html

I have been looking for other information on this but havent had a lot of luck.  I have this working with secure ldap but have been told to go with native AD instead.

Ron

RE: Question about Windows Auth howto

["Nutter, Ronald" <Nu...@bv.com>]

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Wednesday, November 12, 2014 12:28 PM
To: Tomcat Users List
Subject: Re: Question about Windows Auth howto

On 12/11/2014 18:26, Nutter, Ronald wrote:
> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org] 
> Sent: Wednesday, November 12, 2014 11:46 AM
> To: Tomcat Users List
> Subject: Re: Question about Windows Auth howto
> 
> On 12/11/2014 16:50, Nutter, Ronald wrote:
>> I am looking at implementing AD authentication for Tomcat.  Being new
>> to Tomcat, I am trying to check the information before setting this
>> up. The how to shows one part being done on the AD Domain controller
>> and the other being done on the tomcat server.  This seems to infer
>> that I would also need to install tomcat on the domain controller to
>> perform the needed steps on the DC.
> 
> What makes you think that?
> 
> RN> Since the Domain Controller is specifically called out by role

Again, where does it say you need to install Tomcat on the domain
controller?

Mark

I had not seen these commands before so I got the impression that they were something that was installed as a part of Tomcat.
Will proceed without that impression and see what happens.

Ron

RN> Since the section is titled Domain Controller, that indicated to me that in order to
>> I would prefer not to do that
>> unless there is no other choice.  Since the server that tomcat is
>> running on is a member server in the domain, can I do the steps in
>> the howto on the tomcat member server instead ?
> 
> You can try it but it has only been tested with running those commands
> on the domain controller. They might work on a server that is a domain
> member.
> 
> Mark
> 
> RN> Will try it on the server running tomcat which is a member of the domain.  
> Just wanted to check to be on the safe side.  I try not to install anything on the domain controllers, just to be on the safe side.
> 
> Ron
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Question about Windows Auth howto

[Mark Thomas <ma...@apache.org>]

On 12/11/2014 18:26, Nutter, Ronald wrote:
> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org] 
> Sent: Wednesday, November 12, 2014 11:46 AM
> To: Tomcat Users List
> Subject: Re: Question about Windows Auth howto
> 
> On 12/11/2014 16:50, Nutter, Ronald wrote:
>> I am looking at implementing AD authentication for Tomcat.  Being new
>> to Tomcat, I am trying to check the information before setting this
>> up. The how to shows one part being done on the AD Domain controller
>> and the other being done on the tomcat server.  This seems to infer
>> that I would also need to install tomcat on the domain controller to
>> perform the needed steps on the DC.
> 
> What makes you think that?
> 
> RN> Since the Domain Controller is specifically called out by role

Again, where does it say you need to install Tomcat on the domain
controller?

Mark

>> I would prefer not to do that
>> unless there is no other choice.  Since the server that tomcat is
>> running on is a member server in the domain, can I do the steps in
>> the howto on the tomcat member server instead ?
> 
> You can try it but it has only been tested with running those commands
> on the domain controller. They might work on a server that is a domain
> member.
> 
> Mark
> 
> RN> Will try it on the server running tomcat which is a member of the domain.  
> Just wanted to check to be on the safe side.  I try not to install anything on the domain controllers, just to be on the safe side.
> 
> Ron
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Question about Windows Auth howto

["Nutter, Ronald" <Nu...@bv.com>]

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Wednesday, November 12, 2014 11:46 AM
To: Tomcat Users List
Subject: Re: Question about Windows Auth howto

On 12/11/2014 16:50, Nutter, Ronald wrote:
> I am looking at implementing AD authentication for Tomcat.  Being new
> to Tomcat, I am trying to check the information before setting this
> up. The how to shows one part being done on the AD Domain controller
> and the other being done on the tomcat server.  This seems to infer
> that I would also need to install tomcat on the domain controller to
> perform the needed steps on the DC.

What makes you think that?

RN> Since the Domain Controller is specifically called out by role

> I would prefer not to do that
> unless there is no other choice.  Since the server that tomcat is
> running on is a member server in the domain, can I do the steps in
> the howto on the tomcat member server instead ?

You can try it but it has only been tested with running those commands
on the domain controller. They might work on a server that is a domain
member.

Mark

RN> Will try it on the server running tomcat which is a member of the domain.  
Just wanted to check to be on the safe side.  I try not to install anything on the domain controllers, just to be on the safe side.

Ron


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Question about Windows Auth howto

[Mark Thomas <ma...@apache.org>]

On 12/11/2014 16:50, Nutter, Ronald wrote:
> I am looking at implementing AD authentication for Tomcat.  Being new
> to Tomcat, I am trying to check the information before setting this
> up. The how to shows one part being done on the AD Domain controller
> and the other being done on the tomcat server.  This seems to infer
> that I would also need to install tomcat on the domain controller to
> perform the needed steps on the DC.

What makes you think that?

> I would prefer not to do that
> unless there is no other choice.  Since the server that tomcat is
> running on is a member server in the domain, can I do the steps in
> the howto on the tomcat member server instead ?

You can try it but it has only been tested with running those commands
on the domain controller. They might work on a server that is a domain
member.

Mark


> 
> http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
> 
> I have been looking for other information on this but havent had a
> lot of luck.  I have this working with secure ldap but have been told
> to go with native AD instead.
> 
> Ron
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org