Comments (11)
Is the config the same as in the example? I did not have that kinda issue, but I run apache not on the AD server itself.
from mod_authn_ntlm.
Yes, the httpd.conf in the repository is like we use it in common.
On production servers we do not use the server name in any intranet / portal project, always set a FQDN. The moment we do this we prevent ourself to open the page on the server itself.
from mod_authn_ntlm.
BTW: Doesn't matter if you use AD or local server user accounts. Same issue.
from mod_authn_ntlm.
I will try that tomorrow.
from mod_authn_ntlm.
With this config https://gist.github.com/JBlond/9a6003cae60e73893ce3 I had no issues (without my last patch, I had no new binary at this time). http://localhost/auth/
Firefox I was able to login via prompt and IE was logged in SSO.
Win7 pro
Apache/2.4.10 (Win64) from ApacheHaus
Did you try a regular user or as the Domain Administrator? I used a normal AD user who is local administrator on the computer on which apache is running.
from mod_authn_ntlm.
I tried your config. Same thing. Still do not work.
I try to access a demo url https://thor.informer.de.
IE popup the credentials dialog, I can enter 3 times the correct data and still get:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Server ist part of a domain tqsoft.local (test domain).
My conf:
# if windows/ntlm auth used
<Location /ror_auth >
#AllowOverride None
AuthName "Informer"
AuthType SSPI
NTLMAuth On
NTLMAuthoritative On
# domain need to be set to your domain
# NTLMDefaultDomain domain.local
#require valid-user
<RequireAll>
<RequireAny>
Require valid-user
</RequireAny>
<RequireNone>
Require user "ANONYMOUS LOGON"
Require user "NT-AUTORITÄT\ANONYMOUS-ANMELDUNG"
</RequireNone>
</RequireAll>
# use this to add the authenticated username to you header
# so any backend system can fetch the current user
# rewrite_module needs to be loaded then
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set X_ISRW_PROXY_AUTH_USER %{RU}e
</Location>
from mod_authn_ntlm.
Add: Tried local user Administrator and Domain Administrator, same results.
from mod_authn_ntlm.
Try a normal user. Maybe it is an issue with Administrator. If I remember correctly I had that issue with the original SSPI module.
from mod_authn_ntlm.
Tried a normal domain and local user as well. Same result.
I seek the windows protocol security and found out:
- username local or domain called from external client => security protocol logs successful login
- username local or domain called on the server => security protocol has entries with wrong credentials
from mod_authn_ntlm.
Have you tried enabling LogLevel debug, and comparing the error.log output?
from mod_authn_ntlm.
Root cause of this is described in #17 .
Correct configuration will make open FQDN local on the server possible.
from mod_authn_ntlm.
Related Issues (20)
- Sample Config Error HOT 1
- Request is not forwarded on first attempt in Chrome and Firefox HOT 2
- AppVeyor automatic build HOT 5
- Cannot offer both basic and ntlm HOT 5
- problematic www-Authenticate list if NTLMBasicPreferred is set HOT 1
- error when trying to start apache HOT 3
- na HOT 1
- POST redirections not authenticated or not accomplish requirements
- 2 questions - unstable transparency HOT 2
- mod_authn_ntlm.so ECF Header invalid HOT 3
- Version in source vs release number HOT 2
- authentication with virtualhost doesn't work HOT 5
- what additional header information is available? HOT 1
- How to have 2 types of authentication? HOT 3
- Misleading HTTP-Behaviour: 401 instead of 403 HOT 2
- Works but only with IP address HOT 1
- Is mod_ldap really needed?
- LDAPS ? HOT 4
- Do I need to configure the DC address? HOT 3
- Exclude subfolder auth
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mod_authn_ntlm.