| Author |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
 Posted: Sat 04 Nov '06 11:13 Post subject: Use Windows user for auth no AD |
 |
|
| Is there a way to use the windows user for auth with no Active Directory (AD). With AD I could use LDAP, but on XP or simular is no AD. |
|
| Back to top |
|
Jorge
Joined: 12 Mar 2006
Posts: 376
Location: Belgium
|
|
| Back to top |
|
Brian
Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA
|
| Posted: Sat 04 Nov '06 18:10 Post subject: |
|
|
Have you been succesful at using LDAP and AD for user authentiation before?
I have not been able to get that to work. I have been frustrated by that and as such I just decided not to use 2K3 until I have more time to work with it. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sun 05 Nov '06 14:42 Post subject: |
|
|
I haven't installed AD. That's why I asked to have auth without LDAP 
I will test that modul. I'm missing a link to the docs. That would be very helpfull. |
|
| Back to top |
|
Jorge
Joined: 12 Mar 2006
Posts: 376
Location: Belgium
|
| Posted: Sun 05 Nov '06 17:08 Post subject: |
|
|
I i found was:
| Code: | # Add to your httpd.conf
<IfModule !mod_auth_sspi.c>
LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>
#
# Configuration for mod_auth_sspi
<IfModule mod_auth_sspi.c>
<Location /protected/>
AuthName "A Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
# SSPIBasicPreferred
# SSPIUsernameCase lower
require valid-user
</Location>
</IfModule> |
I guess require can also be "Windows User Name" not sure though |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 07 Nov '06 14:32 Post subject: |
|
|
| Works fine on XP Pro SP 1 with local users. |
|
| Back to top |
|
splantz
Joined: 10 Jan 2007
Posts: 1
|
| Posted: Wed 10 Jan '07 11:57 Post subject: |
|
|
Hello,
this is the scenario I implemented successfully too.
The Apache is used as a reverse Proxy for an application server.
If there are two requests within a period of five seconds the second request only receives a digest of the authentication String.
The first Request gets the long auth String (type3) with username and Domain the sceond gets only a short one (type1) with the Domain in it.
For the types See:
http://www.innovation.ch/personal/ronald/ntlm.html
Is there a way to bring Apache to send the type3 every time?
Thanks for your Help ? |
|
| Back to top |
|
Gayal Rupasinghe
Joined: 28 Dec 2006
Posts: 3
Location: Sri Lanka
|
| Posted: Wed 10 Jan '07 16:23 Post subject: |
|
|
I did the following as it is.
Internet Explorer prompt me for a user login screen.
Failing to log in, i got the following in my error log.
[Wed Jan 10 19:46:50 2007] [error] [client 10.2.4.252] (OS 1326)Logon failure: unknown user name or bad password. : authentication failure for "/test": user unknown
Any kind of help is truly appreciated!
| Jorge wrote: | I i found was:
| Code: | # Add to your httpd.conf
<IfModule !mod_auth_sspi.c>
LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>
#
# Configuration for mod_auth_sspi
<IfModule mod_auth_sspi.c>
<Location /protected/>
AuthName "A Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
# SSPIBasicPreferred
# SSPIUsernameCase lower
require valid-user
</Location>
</IfModule> |
I guess require can also be "Windows User Name" not sure though |
|
|
| Back to top |
|
