Topic: mod_auth_SSPI on windows
birkettm
Joined: 27 Apr 2006 Posts: 20
Posted: Mon 30 Nov '09 17:40 Post subject: mod_auth_SSPI on windows
Hi,
I have set up mod_auth_sspi but every time I try to get LA-U:REMOTE_USER IE prompts me to log in. As it turns out LA-U:REMOTE_USER is always null. What am I doing wrong here? Here are the relevant (I hope!) sections of httpd.conf... any advice appreciated.
Marc
<VirtualHost *:443>
    ServerName localhost
    ServerAlias localhost
    CustomLog C:\apache\logs\plone\443access.log combined
    ErrorLog C:\apache\logs\plone\443error.log
    LogLevel warn
    #authenticate
    <IfModule mod_auth_sspi.c>
        <Location />
            #set up sspi
            AuthName "Extranet"
            AuthType SSPI
            SSPIAuth On
            SSPIAuthoritative On
            SSPIDomain NNTHA
            SSPIOfferBasic On
            SSPIUsernameCase lower
            SSPIBasicPreferred Off
            SSPIPerRequestAuth on
            SSPIOfferSSPI On
            SSPIOmitDomain On
            require valid-user
        </Location>
    </IfModule>
    <snip mod_ssl config...>
    <IfModule mod_rewrite.c>
        #do the rewrite
        RewriteEngine On
        # Put the username into a request header:
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule .* - [E=RU:%1]
        RequestHeader set X_REMOTE_USER %{RU}e
        RewriteRule ^/(.*) \
            http://localhost:8080/VirtualHostBase/http/%{SERVER_NAME}:443/$1 [L,P,E=RU:%1]
    </IfModule>
    <snip mod_proxy config...>
</VirtualHost>
birkettm
Joined: 27 Apr 2006 Posts: 20
Posted: Mon 30 Nov '09 17:59
Headers in IE. Seems to be authenticated but not setting the X_Remote_User header....
GET / HTTP/1.1
Accept: */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: localhost
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogUABQAxAAAACQAJACgAAAAFASgKAAAAD1BDMDQwNzVWTU5OVEhB
birkettm
Joined: 27 Apr 2006 Posts: 20
Posted: Mon 30 Nov '09 19:00
Although the access.log doesn't return the user either...
127.0.0.1 - - [30/Nov/2009:16:57:06 +0000] "GET / HTTP/1.1" 401 401 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
127.0.0.1 - - [30/Nov/2009:16:57:06 +0000] "GET / HTTP/1.1" 401 401 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
black_harry
Joined: 22 Feb 2010 Posts: 15 Location: Germany, Stuttgart
Posted: Mon 22 Feb '10 17:20
Hello birkettm,
try to adjust your ssl.conf:
sspi-authentication always requires HTTP/1.1
short comment / extraction from my ssl.conf
# disable next 3 lines to be able to serve ntlm-restricted pages via MS-Proxy
#BrowserMatch ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
Greetings,
Harry
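
Added example (not part of any post in this thread): a Python decoder for the Authorization: NTLM value captured in the request headers above. It reports which leg of the NTLM handshake a header belongs to and which identity fields that leg carries; only a Type 3 (AUTHENTICATE) message contains a user name. The function and variable names are illustrative assumptions.

```python
import base64
import struct

# Header value copied from the request capture posted in this thread.
POSTED_HEADER = "NTLM TlRMTVNTUAABAAAAB7IIogUABQAxAAAACQAJACgAAAAFASgKAAAAD1BDMDQwNzVWTU5OVEhB"
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
NEGOTIATE_UNICODE = 0x00000001  # when set, Type 3 strings are UTF-16LE


def _field(msg, pos):
    """Read a security buffer (len, maxlen, offset) at pos and return its payload."""
    if pos + 8 > len(msg):
        return b""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_ntlm_header(value):
    """Decode an 'NTLM <base64>' Authorization value into its visible fields."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    out = {"type": mtype, "name": MESSAGE_TYPES.get(mtype, "UNKNOWN"), "user": None}
    if mtype == 1:
        # Type 1: flags at 12, then domain and workstation buffers (OEM charset).
        out["flags"] = struct.unpack_from("<I", msg, 12)[0]
        out["domain"] = _field(msg, 16).decode("ascii", "replace")
        out["workstation"] = _field(msg, 24).decode("ascii", "replace")
    elif mtype == 3:
        # Type 3: domain, user, workstation buffers at 28/36/44; flags at 60.
        flags = struct.unpack_from("<I", msg, 60)[0] if len(msg) >= 64 else 0
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
        out["flags"] = flags
        out["domain"] = _field(msg, 28).decode(enc, "replace")
        out["user"] = _field(msg, 36).decode(enc, "replace")
        out["workstation"] = _field(msg, 44).decode(enc, "replace")
    return out


if __name__ == "__main__":
    print(parse_ntlm_header(POSTED_HEADER))
```

For the header posted above this returns type 1 (NEGOTIATE), domain NNTHA, workstation PC04075VM and no user, which is consistent with the 401 entries in the access log: that request is only the first leg of the handshake.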