SharePoint Search + Basic Authentication

Because of various factors, I was forced to make my SharePoint site use basic authentication instead of NTLM, Kerberos, or any other auth system. This had to do with our novel environment, and a number of user problems, mostly people forgetting to use our domain/username format to log into SharePoint.

After reconfiguring everything to use the basic authentication method, I ran into a problem with SharePoint search and its default content access account.

Namely, you cannot tell SharePoint search not to try to log in using the default access account without the domain in front of its name. The solution I found on the web was to create a crawl rule for your site (ex: http://intranet/*), specify a different content access account for it, and then uncheck "Do not allow Basic Authentication".

The problem with this is that in order for SharePoint to search the sites at all, it forced me to check (set) "Crawl SharePoint content as Http pages."

That is a problem because, in my research into the ramifications of setting that option, I found out this:

"When the content is crawled by using the HTTP protocol, item permissions are not stored."
-Note, http://technet.microsoft.com/de-de/library/cc179514.aspx

So what do we do to solve this problem? My solution for the time being is to create a dedicated webfront server for the search server. Sounds simple, right? But it takes a little more time than just that to do:

First, you're not supposed to have Excel Services or any other service other than the query server. This is because of the changes to the hosts file that will (hopefully) be automatically made by following this process and will mess up any other applications running on the machine:

Setting up a dedicated webfront for search:

First, undo what we just did.

Required for this set up:
-2 boxes you can (almost) dedicate to searching; in my case they will be called Moss and MossSearch.
-Make sure the computer you are dedicating for the search web front-end is not a part of any network load-balancing rotation.
-The NetBIOS name of your query server is not the same name as your SharePoint site.

First you take a box and set it up to be the dedicated search server:
Go to Central Administration > Operations > Topology and Services > Servers in farm
-Select the server you are dedicating to SharePoint search. In my case we will do this to Moss.
-Make sure "Windows SharePoint Services Web Application" is 'Started'; if it isn't, start it.
-Now change the box to use Integrated Windows Authentication:
-Remote into the computer.
-Start -> Run -> inetmgr
-Go to your web application, right-click it and go to Properties
-Top tab 'Directory Security', under Authentication and access control -> click Edit
-Check Integrated Windows Authentication -> make sure you set the default domain/realm too.

Now let's set up the query box to use this server.
Go to Central Administration > Operations > Topology and Services > Servers in farm
-Select the query server; I am calling this box MossSearch.
-Make sure it has Office SharePoint Services Search running on it and click on its link to edit it
-Under "Web Front End and Crawling" select the server we just set up to be the dedicated server. In my case it is: Moss.

Verify the webfront server was automatically set up correctly:
-Remote/log onto the computer that is doing the querying, in my case MossSearch
-Go to your hosts file: C:\\system32\drivers\etc
-Open the hosts file with a text editor like Notepad.
-Make sure the entries in there are pointing to your MossSearch server's IP; if they aren't, we need to configure them manually. In my case, I had to do this manually.
They will look something like:
10.1.1.10 intranet #Added by Office SharePoint Server Search (12/24/2008 1:30PM)

The IP it sets there should point to the computer you set up just for SharePoint search.

Manually setting up a dedicated webfront search server:
-First we need to set the search server to "Use all web front end computers for crawling". We have to do this because Central Administration will automatically undo any changes to the hosts file if we don't.

-Go to Central Administration > Operations > Topology and Services > Servers in farm
-Select the query server (MossSearch). Under "Web Front End and Crawling" select "Use all web front end computers for crawling"
-Find the IP of the dedicated webfront search server. In my case it's Moss (I hope you can do this yourself).
-Go back to the computer you are using as your search server and add the correct entries to the hosts file.
Each entry maps a web application you want to search to the IP address of the dedicated webfront server. Example hosts file setup:
127.0.0.1 localhost
10.1.1.4 intranet
10.1.1.4 mysites

10.1.1.4 is the address of the dedicated web front-end for search, not the real IP address that I would get if I ran "ping intranet" on any other computer.
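
The hosts-file check described above can be scripted. The PowerShell below is an added example, not part of the original post: it parses hosts lines and reports, for each crawled site name, whether it maps to the dedicated web front-end. The function names, `$ExpectedIp` and `$SiteNames` are illustrative assumptions, and the sample lines are constructed from the entries shown in the post.

```powershell
# Added example (not from the original post): audit hosts-file mappings on the query server.
# $ExpectedIp and $SiteNames are assumptions taken from the post's sample values.
$ExpectedIp = '10.1.1.4'                 # dedicated search web front-end
$SiteNames  = @('intranet', 'mysites')   # web applications the crawler must reach

function Get-HostsEntry {
    param([string[]] $Lines)
    foreach ($line in $Lines) {
        # Separate the address/name fields from any trailing "#..." comment.
        $parts   = $line -split '#', 2
        $comment = if ($parts.Count -gt 1) { $parts[1].Trim() } else { '' }
        $fields  = @($parts[0].Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -lt 2) { continue }    # blank or comment-only line
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{
                Name = $name.ToLower(); Ip = $fields[0]
                # Entries written by the search service carry this marker.
                AutoManaged = ($comment -like 'Added by Office SharePoint Server Search*')
            }
        }
    }
}

function Test-SearchHostsMapping {
    param([string[]] $Lines, [string] $ExpectedIp, [string[]] $SiteNames)
    $entries = @(Get-HostsEntry -Lines $Lines)
    foreach ($site in $SiteNames) {
        $hits   = @($entries | Where-Object { $_.Name -eq $site.ToLower() })
        $status = 'OK'
        if     ($hits.Count -eq 0)           { $status = 'MISSING' }
        elseif ($hits.Count -gt 1)           { $status = 'DUPLICATE' }
        elseif ($hits[0].Ip -ne $ExpectedIp) { $status = 'WRONG_IP' }
        New-Object PSObject -Property @{
            Site = $site; Status = $status
            Ip   = ($hits | ForEach-Object { $_.Ip }) -join ','
            AutoManaged = [bool]($hits | Where-Object { $_.AutoManaged })
        }
    }
}

# Constructed sample input modelled on the entries shown in the post.
$sample = @(
    '127.0.0.1 localhost',
    '10.1.1.10 intranet #Added by Office SharePoint Server Search (12/24/2008 1:30PM)',
    '10.1.1.4 mysites'
)
Test-SearchHostsMapping -Lines $sample -ExpectedIp $ExpectedIp -SiteNames $SiteNames |
    Format-Table Site, Status, Ip, AutoManaged -AutoSize
# On the server itself: -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

With the sample input, `intranet` is reported as WRONG_IP on an auto-managed entry, which is the case where the post switches to "Use all web front end computers for crawling" and edits the hosts file by hand.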


And there you go, you're good to go.
