Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: mod_userdir and active directory domain change (Windows) |
|
| Author |
|
GoofyX
Joined: 13 Jan 2020
Posts: 9
Location: Greece
|
 Posted: Mon 24 Feb '25 20:53 Post subject: mod_userdir and active directory domain change (Windows) |
 |
|
Today I faced a rather strange issue.
My Windows 10 PC at work is joined in active directory domain A. I have the Apache installation (files downloaded from here) and have mod_userdir enabled. The configuration in the userdir.conf is:
| Code: | <Directory "C:/Users/*/webroot">
AllowOverride All
Options All
Require method GET POST OPTIONS
Require all granted
RewriteEngine On
</Directory> |
So, when I go to http://localhost/~<username> in the browser, Apache serves the files from c:\Users\<username>\webroot.
Today I changed domains. I joined the computer to domain B and used a tool called Profile Wizard (downloaded from here). It's a tool that changes the permission in your user profile to the new domain user. It worked fine.
However, after trying to visit http://localhost/~<username> in the browser, I got a 403 error. After looking at the Apache logs, I saw that Apache tries to serve the files from c:\Users\Goofy.A. Let's say that my username is Goofy and the user profile resides at c:\Users\Goofy.
Before joining the new domain, Apache served the files from c:\Users\Goofy\webroot.
After joining the new domain, it tries to serve the files from c:\Users\Goofy.A\webroot (A is the name of the old domain). Apparently, Apache finds the old domain somewhere and with mod_userdir it does not resolve the path request correctly.
Any ideas?
Of course this issue is easily solvable (with using a Alias directive), but it's really strange that this does not work like when the PC was joined in the old domain. Is it maybe a bug? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7392
Location: EU, Germany, Next to Hamburg
|
| Posted: Tue 25 Feb '25 14:53 Post subject: |
|
|
The user folder and or the webroot folder has a Windows SSID from the old domain. You have to update the owner of all folders and files recursively.
Also if Apache runs as a service you may check the user of that service. |
|
| Back to top |
|
GoofyX
Joined: 13 Jan 2020
Posts: 9
Location: Greece
|
| Posted: Tue 25 Feb '25 20:02 Post subject: |
|
|
After much debugging and with the help of Process Monitor, it turns out that httpd.exe looks in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList for the profile path of the previous domain user. The key ProfileImagePath was set to C:\Users\Goofy.A for the corresponding SID of the previous domain user.
I changed it to C:\Users\Goofy and it works now.
Though the point remains why Apache looks for the SID for the previous domain user, instead of the SID for the new domain user. Obviously, the information about the SID of the previous user is written somewhere and that is where Apache looks into. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7392
Location: EU, Germany, Next to Hamburg
|
| Posted: Wed 26 Feb '25 10:06 Post subject: |
|
|
| GoofyX wrote: |
Though the point remains why Apache looks for the SID for the previous domain user, instead of the SID for the new domain user. |
it isn't apache itself. httpd.exe aks the OS (Windows) for the correct permissions and windows answers that the permissions are not correct. |
|
| Back to top |
|
GoofyX
Joined: 13 Jan 2020
Posts: 9
Location: Greece
|
| Posted: Wed 26 Feb '25 10:17 Post subject: |
|
|
| James Blond wrote: | | it isn't apache itself. httpd.exe aks the OS (Windows) for the correct permissions and windows answers that the permissions are not correct. |
I checked the permissions of all directories involved and remove any reference to Goofy.A and instead added modify permissions for Goofy.B. |
|
| Back to top |
|
|
|
|
|
|
