AP81 Posted October 5, 2007

Hi all,

I have Apache (LAMP server) working beautifully with SSL and LDAP to authenticate users against Active Directory. I now have the task of making an auto-login if you are in the company building, i.e. if you are in the building and go to the company Intranet it will automatically authenticate and log in. If you are trying externally, it will try to auto-login then default back to the login screen.

My problem is getting auto-login to work. I have tried using mod_auth_ntlm_winbind and tried using the Perl Apache-AuthenNTLM module with no success. Both prompt for a username/password which then directs me to a "500 Internal Server Error" regardless of what I enter (even if I use DOMAIN\username for the username).

- Samba and Winbind are already working fine and so is ntlm_auth (/usr/bin/ntlm_auth --username=adam works fine).
- Apache loads the mod_auth_ntlm_winbind.so fine (appears in phpinfo()), so I assume that that module is functional.
- Trying the Perl module instead also results in the same thing (the Perl module loads correctly with no errors and appears in phpinfo()).

Can anyone give me some pointers? Why am I getting prompted for a username/password?
Other info: Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7

Here is my apache error log trying to view a basic php page for mod_auth_ntlm_winbind

[Fri Oct 05 10:53:51 2007] [info] removed PID file /var/run/apache2.pid (pid=3980)
[Fri Oct 05 10:53:51 2007] [notice] caught SIGTERM, shutting down
[Fri Oct 05 10:53:52 2007] [info] Init: Initializing OpenSSL library
[Fri Oct 05 10:53:52 2007] [info] Init: Seeding PRNG with 144 bytes of entropy
[Fri Oct 05 10:53:52 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Oct 05 10:53:52 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Oct 05 10:53:52 2007] [debug] /build/buildd/apache2-2.0.55/build-tree/apache2/modules/ssl/ssl_scache_dbm.c(406): Inter$
[Fri Oct 05 10:53:52 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Oct 05 10:53:52 2007] [info] Server: Apache/2.0.55, Interface: mod_ssl/2.0.55, Library: OpenSSL/0.9.8a
[Fri Oct 05 10:53:52 2007] [info] Init: Initializing OpenSSL library
[Fri Oct 05 10:53:52 2007] [info] Init: Seeding PRNG with 144 bytes of entropy
[Fri Oct 05 10:53:52 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Oct 05 10:53:52 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Oct 05 10:53:52 2007] [debug] /build/buildd/apache2-2.0.55/build-tree/apache2/modules/ssl/ssl_scache_dbm.c(406): Inter$
[Fri Oct 05 10:53:52 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Oct 05 10:53:52 2007] [info] Server: Apache/2.0.55, Interface: mod_ssl/2.0.55, Library: OpenSSL/0.9.8a
[Fri Oct 05 10:53:52 2007] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming n$
[Fri Oct 05 10:53:52 2007] [info] Server built: Aug 16 2007 22:24:22
[Fri Oct 05 10:53:52 2007] [debug] /build/buildd/apache2-2.0.55/build-tree/apache2/server/mpm/prefork/prefork.c(956): Accep$

Here is my apache error log for AuthenNTLM (looks as though it fails with samba)

[4018] AuthenNTLM: Config Domain = XXXXXXXX pdc = pdc1.xxxxxx.com.au bdc =
[4018] AuthenNTLM: Config Default Domain = XXXXXXXX
[4018] AuthenNTLM: Config Fallback Domain =
[4018] AuthenNTLM: Config AuthType = ntlm,basic AuthName = test
[4018] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[4018] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[4018] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[4018] AuthenNTLM: Config SplitDomainPrefix = 1
[4018] AuthenNTLM: Authorization Header <not given>
[Fri Oct 05 10:48:06 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /temp/test.php
[4018] AuthenNTLM: Start NTLM Authen handler pid = 4018, connection = 9179120 conn_http_hdr = keep-alive main = cuser = $
[4018] AuthenNTLM: Object exists user = \
[4018] AuthenNTLM: Authorization Header NTLM
[4018] AuthenNTLM: protocol=NTLMSSP, type=1, flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), flags2=130(NEGOTIATE$
[4018] handler type == 1
[4018] AuthenNTLM: Connect to pdc = pdc1.xxxxxx.com.au bdc = domain = xxxxxx
[4018] AuthenNTLM: enter lock
[4018] AuthenNTLM: verify handle smbhandle == 0
[Fri Oct 05 10:48:07 2007] [error] Connect to SMB Server failed (pdc = pdc1.xxxxxx.com.au bdc = domain = xxxxxx e$
[4018] AuthenNTLM: leave lock
[Fri Oct 05 10:48:07 2007] [error] Cannot get nonce

Below are the resources I have used. I have skipped the Kerberos part in mod_auth_ntlm_winbind as it is unnecessary and auth_ntlm is working correctly.

mod_auth_ntlm_winbind
http://adldap.sourceforge.net/wiki/doku.php?id=mod_auth_ntlm_winbind
http://bloke.org/wordpress/2007/07/03/ntlm-authentication-active-directory-on-apache-linux/

Apache-AuthenNTLM
http://search.cpan.org/~speeves/Apache-AuthenNTLM-2.10/AuthenNTLM.pm
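The AuthenNTLM log above prints the fields of the browser's first NTLM message (type=1, flags1=7, flags2=130) just before the SMB connection fails. As an added example, not part of the original post or of either module, this Python code decodes an Authorization header into the same fields so you can confirm what the client actually sent; the sample header is constructed, and reading flags1 and flags2 as the two low bytes of the flags field is an assumption.

```python
import base64
import struct

# Low 16 bits of the NTLMSSP negotiate flags (names as in the AuthenNTLM log).
FLAGS = {
    0x0001: "NEGOTIATE_UNICODE",
    0x0002: "NEGOTIATE_OEM",
    0x0004: "REQUEST_TARGET",
    0x0010: "NEGOTIATE_SIGN",
    0x0020: "NEGOTIATE_SEAL",
    0x0200: "NEGOTIATE_NTLM",
    0x8000: "NEGOTIATE_ALWAYS_SIGN",
}
# Byte offset of the 32-bit flags field for message types 1 and 2.
FLAG_OFFSET = {1: 12, 2: 20}


def parse_authorization(header_value):
    """Classify an Authorization header value and decode an NTLM message header."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return {"scheme": scheme or None}      # Basic, another scheme, or absent
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:                         # binascii.Error is a ValueError
        return {"scheme": "NTLM", "error": "invalid base64"}
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return {"scheme": "NTLM", "error": "missing NTLMSSP signature"}
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    info = {"scheme": "NTLM", "type": msg_type}
    off = FLAG_OFFSET.get(msg_type)
    if off is not None and len(raw) >= off + 4:
        (flags,) = struct.unpack_from("<I", raw, off)
        info["flags"] = flags
        info["flag_names"] = [n for bit, n in sorted(FLAGS.items()) if flags & bit]
    if msg_type == 2 and len(raw) >= 32:
        info["nonce"] = raw[24:32].hex()       # 8-byte server challenge
    return info


# Constructed Type 1 message with the flags from the log: 0x07 low byte, 0x82 (130) next.
TYPE1 = b"NTLMSSP\x00" + struct.pack("<II", 1, 0x8207) + b"\x00" * 16
SAMPLE_HEADER = "NTLM " + base64.b64encode(TYPE1).decode()

if __name__ == "__main__":
    print(parse_authorization(SAMPLE_HEADER))
    print(parse_authorization("Basic dXNlcjpwYXNz"))
```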
AP81 Posted October 5, 2007

Managed to get the Perl AuthenNTLM working, but:

a) how can I tell if a user is authenticated, and
b) how do I redirect them if they are not?

Thx.