logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: 401's in acess log after authentication with mod_authnz_sspi
Author
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

PostPosted: Thu 30 Oct '14 18:48    Post subject: 401's in acess log after authentication with mod_authnz_sspi Reply with quote

I haven't worked with Apache HTTPD for a very long time. How long? Last time I deployed Apache was in the 2.0 days. I recently deployed the 2.4 binaries from AL, added to that from another source mod_authnz_sspi with success.

The HTTPD server has no vhosts, it is only fronting for Tomcat through the jk_module. So authentication for the apps that require it goes through SSPI which is set to require members of a speicfic domain security group. Again, this all works - access is granted with succesful authentication.

The strange thing is in the access.log, with each hit to the resource (e.g. /Location or /Directory) I see a two or more 401's followed by the normal 200, 302 and 304 status codes. When I saw the 401's I thoguht that was wierd because post-authentication access is unincumbered.

Any one have thoughts as to why after successful authentication I'd be seeing 401's?

Here are a couple of snippets from the access log showing the results:


I've been prompted for NT credentials, I enter them and am able to proceed. I see 401's though after authentcation has occured:
Code:
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/status/all HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status?org.apache.catalina.filters.CSRF_NONCE=3ED491F8BA451A3B34DF716FA833DFD9" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/status/all HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status?org.apache.catalina.filters.CSRF_NONCE=3ED491F8BA451A3B34DF716FA833DFD9" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/status/all HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status?org.apache.catalina.filters.CSRF_NONCE=3ED491F8BA451A3B34DF716FA833DFD9" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/status/all HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status?org.apache.catalina.filters.CSRF_NONCE=3ED491F8BA451A3B34DF716FA833DFD9" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"

The page loads, but again with 401's mixed in:
Code:
10.10.10.10 - my_username [30/Oct/2014:08:58:32 -0700] "GET /manager/status/all HTTP/1.1" 200 17368 "http://server-instance.some-domain.gov/manager/status?org.apache.catalina.filters.CSRF_NONCE=3ED491F8BA451A3B34DF716FA833DFD9" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - my_username [30/Oct/2014:08:58:32 -0700] "GET /manager/status/all HTTP/1.1" 200 17368 "http://server-instance.some-domain.gov/manager/status?org.apache.catalina.filters.CSRF_NONCE=3ED491F8BA451A3B34DF716FA833DFD9" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - my_username [30/Oct/2014:08:58:32 -0700] "GET /manager/images/asf-logo.gif HTTP/1.1" 304 - "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - my_username [30/Oct/2014:08:58:32 -0700] "GET /manager/images/asf-logo.gif HTTP/1.1" 304 - "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/images/tomcat.gif HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/images/tomcat.gif HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/images/tomcat.gif HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - - [30/Oct/2014:08:58:32 -0700] "GET /manager/images/tomcat.gif HTTP/1.1" 401 381 "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - my_username [30/Oct/2014:08:58:32 -0700] "GET /manager/images/tomcat.gif HTTP/1.1" 304 - "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.10.10.10 - my_username [30/Oct/2014:08:58:32 -0700] "GET /manager/images/tomcat.gif HTTP/1.1" 304 - "http://server-instance.some-domain.gov/manager/status/all" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"


Log format is:
Code:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common


Since my log format includes the %l field, I see that wehre it is blank I am getting 401's in my access log.

Any thoughts on what I either doing wrong or still need to do?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Sat 17 Jan '15 23:38    Post subject: Reply with quote

That modules has a lot of issues with 2.4 version of apache. Might try the successor https://github.com/YvesR/mod_authn_ntlm
Back to top


Reply to topic   Topic: 401's in acess log after authentication with mod_authnz_sspi View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules