logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_authn_ntlm 1.0.0 VC11 wrong remote_user
Author
Rukien



Joined: 08 Jun 2015
Posts: 3
Location: France

PostPosted: Tue 07 Jul '15 13:17    Post subject: mod_authn_ntlm 1.0.0 VC11 wrong remote_user Reply with quote

Hello,

I'm running a Windows Server 2008 R2 with Apache 2.4.12 VC11, PHP 5.6.10 VC11, mod_authn_ntlm VC11.

I use the authn_ntlm plugin to retrieve the login name of the user and use it in an intranet app.

I've got a problem with one user. Depending of its web browser, the "remote_user" server variable is not the good one, which is really bad. For example, it works properly on Chrome. But with IE (v11), it doesn't. This user tried to log on the server through another computer, and it worked, so I think the problem is specific to his computer. I Also know that the "wrong" remote user is an account used by the user for admin tasks and is similar to the real one, so perhaps there's some persistence in its web browser, or something about the LDAP connection ?

I also have another webserver with mod_auth_sspi, and I do not have this problem with any user. I would like to try others versions of that kind of plugin, but it isn't easy to find compiled with VC11 or apache 2.4 compatible...

Here's my config about the module in the httpd.conf :
Code:

<Directory />
   AllowOverride AuthConfig
   AllowOverride All
   AuthName "Restriicted Access"
   AuthType SSPI
   NTLMAuth On
   NTLMAuthoritative On
   NTLMDomain domain.my
   NTLMOfferBasic On
   <RequireAll>
      Require valid-user
   </RequireAll>
</Directory>


I can see the remote_user value through apache access logs and a phpinfo() call on a dedicated webpage.

I don't know where to find a solution, if somebody have any idea, I'll take it !
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 677

PostPosted: Tue 07 Jul '15 16:16    Post subject: Reply with quote

Did you read www.apachelounge.com/viewtopic.php?p=25073 ?

Maybe there is a clue.
Back to top
Rukien



Joined: 08 Jun 2015
Posts: 3
Location: France

PostPosted: Wed 08 Jul '15 14:02    Post subject: Reply with quote

I watched this post. I tried the binaries in the github repo, and also the .so available at apachehause (mod_auth_ntlm VC11 for Apache 2.4)

I also tried change "require valid-user" to "require valid-sspi-user", but no changes for him. It's really strange : as I said before with chrome, it works. When he uses IE tab plugin, it automatically switch to the wrong user !
Back to top
Rukien



Joined: 08 Jun 2015
Posts: 3
Location: France

PostPosted: Thu 06 Aug '15 14:08    Post subject: Reply with quote

I found the solution : it was a "bad" config saved on the computer's client, nothing to see with mod_authn_ntlm.

Idea On the client, go to :
Control Panel > User Accounts > User accounts > check credentials

Select the Windows login infos correpsonding to the server and delete the line, then the correct login is displayed in IE.
Cool
Back to top


Reply to topic   Topic: mod_authn_ntlm 1.0.0 VC11 wrong remote_user View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules