Topic: mod_authn_ntlm 1.0.0 VC11 wrong remote_user

[Rukien]

Hello,

I'm running a Windows Server 2008 R2 with Apache 2.4.12 VC11, PHP 5.6.10 VC11, mod_authn_ntlm VC11.

I use the authn_ntlm plugin to retrieve the login name of the user and use it in an intranet app.

I've got a problem with one user. Depending of its web browser, the "remote_user" server variable is not the good one, which is really bad. For example, it works properly on Chrome. But with IE (v11), it doesn't. This user tried to log on the server through another computer, and it worked, so I think the problem is specific to his computer. I Also know that the "wrong" remote user is an account used by the user for admin tasks and is similar to the real one, so perhaps there's some persistence in its web browser, or something about the LDAP connection ?

I also have another webserver with mod_auth_sspi, and I do not have this problem with any user. I would like to try others versions of that kind of plugin, but it isn't easy to find compiled with VC11 or apache 2.4 compatible...

Here's my config about the module in the httpd.conf :

[admin]

Did you read www.apachelounge.com/viewtopic.php?p=25073 ?

Maybe there is a clue.

[Rukien]

I watched this post. I tried the binaries in the github repo, and also the .so available at apachehause (mod_auth_ntlm VC11 for Apache 2.4)

I also tried change "require valid-user" to "require valid-sspi-user", but no changes for him. It's really strange : as I said before with chrome, it works. When he uses IE tab plugin, it automatically switch to the wrong user !

[Rukien]

I found the solution : it was a "bad" config saved on the computer's client, nothing to see with mod_authn_ntlm.

On the client, go to :
Control Panel > User Accounts > User accounts > check credentials

Select the Windows login infos correpsonding to the server and delete the line, then the correct login is displayed in IE.