FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 09-09-2008, 12:39 PM
"Kenneth Holter"
 
Default Authentication error: Apache 2 and MS 2003 Active Directory

Thanks for the quick reply.

I implemented your setup, and found that the web page's credentials dialogue
box no longer appears (before the dialogue box would appear, but
authentication would fail). Instead, the following error message is issued:

Internal server error:

The server encountered an internal error or misconfiguration and was unable
to complete your request.

The /var/log/httpd/error.log says this:

[Tue Sep 09 14:31:47 2008] [warn] [client 111.222.33
<http://10.53.65.212/>3.444]
[8127] auth_ldap authenticate: user kenneho authentication failed; URI /test

[ldap_search_ext_s() for user failed][Operations error], referer:
http://server.example.com/
Any ideas?


On 9/9/08, Roderick Derks <redhat@r71.nl> wrote:
>
> This is a working config for AD2003RC2 and Apache:
> Server version: Apache/2.2.6 (Unix)
> Server built: Sep 18 2007 09:40:44
>
> <Directory "/var/www/html/portdiscoverer">
>
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative on
> AuthName "Portdiscoverer Access"
>
> Options Indexes FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
> Require valid-user
>
> AuthLDAPURL
> "ldap://ezhdc01:389/ou=Users,dc=domain,dc=nl?sAMAccountName?sub?(objec tClass=*)"
> AuthLDAPBindDN
> "cn=user_with_no_specific_rights,ou=container,dc=d omain,dc=nl"
> AuthLDAPBindPassword "password"
>
> </Directory>
>
> Hope It Helps, Good Luck
>
> Roderick
>
> ----- Original Message -----
> From: "Kenneth Holter" <kenneho.ndu@gmail.com>
> To: redhat-list@redhat.com
> Sent: 09 September 2008 14:11:17 o'clock (GMT+0100) Europe/Berlin
> Subject: Authentication error: Apache 2 and MS 2003 Active Directory
>
> Hi.
>
> I've tried to set up Apache 2 to authenticate users against MS 2003 Active
> Directory, but are getting this error:
>
> Mon Sep 08 14:16:03 2008] [error] [client xxx.xxx.xxx.xxx] access to
> /folder
> failed, reason: verification of user id 'kenneho' not configured, referer:
> http://host.example.com/
>
>
> This is from my httpd.conf:
>
> LoadModule ldap_module modules/mod_ldap.so
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> ....
> AuthType Basic
> AuthName "Welcome!"
> AuthLDAPURL ldap://111.222.333.444:389/dc=example,dc=com?sAMAccountName
> AuthLDAPBindDN CN=user,OU=something,DC=example,DC=com
> AuthLDAPBindPassword secret
> Require vaild-user
>
>
> General ldapsearch using the bind DN and password seems to work fine:
>
> ldapsearch -x -D "CN=user,OU=something,DC=example,DC=com" -w secret
>
>
> On
>
> http://wiki.apache.org/httpd/ModAuthAndActiveDirectory2003?highlight=(active)%7 C(directory)
> a problem with mod_auth_ldap and MS 2003 AD is described, but this doesn't
> seem to apply to my configuration.
>
>
> Any ideas on how to further debug this?
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-10-2008, 10:45 AM
"Kenneth Holter"
 
Default Authentication error: Apache 2 and MS 2003 Active Directory

*Solved*

Seems we may have suffered from a bug regarding using references in MS 2003
AD. What we did to get things going was to query the AD-server on port 3268,
and make sure AuthzLDAPAuthoritative was set to "Off".


Regards,
Kenneth Holter



On 9/9/08, Kenneth Holter <kenneho.ndu@gmail.com> wrote:
>
> Thanks for the quick reply.
>
> I implemented your setup, and found that the web page's credentials
> dialogue box no longer appears (before the dialogue box would appear, but
> authentication would fail). Instead, the following error message is issued:
>
> Internal server error:
>
> The server encountered an internal error or misconfiguration and was unable
> to complete your request.
>
> The /var/log/httpd/error.log says this:
>
> [Tue Sep 09 14:31:47 2008] [warn] [client 111.222.33<http://10.53.65.212/>3.444]
> [8127] auth_ldap authenticate: user kenneho authentication failed; URI /test
>
> [ldap_search_ext_s() for user failed][Operations error], referer:
> http://server.example.com/
> Any ideas?
>
>
> On 9/9/08, Roderick Derks <redhat@r71.nl> wrote:
>>
>> This is a working config for AD2003RC2 and Apache:
>> Server version: Apache/2.2.6 (Unix)
>> Server built: Sep 18 2007 09:40:44
>>
>> <Directory "/var/www/html/portdiscoverer">
>>
>> AuthBasicProvider ldap
>> AuthType Basic
>> AuthzLDAPAuthoritative on
>> AuthName "Portdiscoverer Access"
>>
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> Require valid-user
>>
>> AuthLDAPURL
>> "ldap://ezhdc01:389/ou=Users,dc=domain,dc=nl?sAMAccountName?sub?(objec tClass=*)"
>> AuthLDAPBindDN
>> "cn=user_with_no_specific_rights,ou=container,dc=d omain,dc=nl"
>> AuthLDAPBindPassword "password"
>>
>> </Directory>
>>
>> Hope It Helps, Good Luck
>>
>> Roderick
>>
>> ----- Original Message -----
>> From: "Kenneth Holter" <kenneho.ndu@gmail.com>
>> To: redhat-list@redhat.com
>> Sent: 09 September 2008 14:11:17 o'clock (GMT+0100) Europe/Berlin
>> Subject: Authentication error: Apache 2 and MS 2003 Active Directory
>>
>> Hi.
>>
>> I've tried to set up Apache 2 to authenticate users against MS 2003 Active
>> Directory, but are getting this error:
>>
>> Mon Sep 08 14:16:03 2008] [error] [client xxx.xxx.xxx.xxx] access to
>> /folder
>> failed, reason: verification of user id 'kenneho' not configured, referer:
>> http://host.example.com/
>>
>>
>> This is from my httpd.conf:
>>
>> LoadModule ldap_module modules/mod_ldap.so
>> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>> ....
>> AuthType Basic
>> AuthName "Welcome!"
>> AuthLDAPURL ldap://111.222.333.444:389/dc=example,dc=com?sAMAccountName
>> AuthLDAPBindDN CN=user,OU=something,DC=example,DC=com
>> AuthLDAPBindPassword secret
>> Require vaild-user
>>
>>
>> General ldapsearch using the bind DN and password seems to work fine:
>>
>> ldapsearch -x -D "CN=user,OU=something,DC=example,DC=com" -w secret
>>
>>
>> On
>>
>> http://wiki.apache.org/httpd/ModAuthAndActiveDirectory2003?highlight=(active)%7 C(directory)
>> a problem with mod_auth_ldap and MS 2003 AD is described, but this doesn't
>> seem to apply to my configuration.
>>
>>
>> Any ideas on how to further debug this?
>>
>>
>> Regards,
>> Kenneth Holter
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-14-2008, 09:47 PM
"Javier Palacios"
 
Default Authentication error: Apache 2 and MS 2003 Active Directory

On Tue, Sep 9, 2008 at 2:11 PM, Kenneth Holter <kenneho.ndu@gmail.com> wrote:
> Hi.
>
> I've tried to set up Apache 2 to authenticate users against MS 2003 Active
> Directory, but are getting this error:

To achieve that it is much easier to use mod-auth-kerberos. And that also allows
you to have single sign-on, with password-less ticket authentication.

Javier Palacios

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 05:55 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org