Hi Unfortunately the log I've uploaded isn't quite what you asked for. We have little access or control over the remote system, so this is just the start of the log. There are too many accesses in between to isolate the point where the failing user tries to connect - other than to say it doesn't even appear to make it to the logs (The access time was recorded by the user, but nothing appears in the ISAPI log at that time)
A second site with the same issue is trying to get a clean log with only the failing user entry in it. This may come through in the next few days. It does seem that the 8k http header limit is our most likely culprit. Are you able to share how I increase this as that will be easy for me to have tested? Am happy to test whatever values you recommend that will hopefully confirm this is the right area to focus - I just haven't found a reference to this setting anywhere. Thanks Paul Rainer Jung-3 wrote: > > Scrumpy Jack schrieb: >> Hi >> I'm trying to resolve an issue with Integrated Authentication when a user >> with a large Group Membership tries to access a site served by Tomcat via >> IIS ISAPI Redirect. >> >> For all other users, access is fine. For users with 70+ Windows groups, >> they >> are failing to be redirected and are getting a 500 error. Basic >> Authentication works fine. >> Can anyone point me in the direction of settings that increase buffer (?) >> settings related to Integrated Authentication? Any ideas as to where I >> should focus? (i.e. the ISAPI Filter config end, or Tomcat end?) > > If you can easily reproduce on a test system, set log_level to trace and > reproduce with a single request. Then show us your log_file. > > It is possible, that the informagtion gets forwarded via http headers. > The AJP protocol used between the isapi redirector and Tomcat needs to > send all http headers in a single AJP packet. The default maximum size > of the packet is 8KB. Recent versions of the redirector and of Tomcat > are able to use a higher value. But let's first check, if this is > actually the problem you are runnning into. > > Regards, > > Rainer > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > http://www.nabble.com/file/p20242376/Log%2BExcerpt.txt Log+Excerpt.txt -- View this message in context: http://www.nabble.com/Tomcat6%2BISAPI%2BIIS%2BIntegrated-Authentication%2BLarge-User-tp20049325p20242376.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
