Search code examples
apachewebserverntlm

web server with SSPI as a Single SignOn authentification NTLM

We use Apache 2.x as a web server with SSPI as a Single SignOn authentification for our users. When we create a new web application, we usually configure it as follow in the hhtp.conf file: 

<VirtualHost *:80> 
ServerName somapp 
DocumentRoot "C:/www/someapp 
<Directory C:/www/someapp> 
Order Allow,Deny 
Allow from all 
</Directory> 
<IfModule mod_auth_sspi.c> 
<Location />
AuthName "A Protected Place" 
AuthType SSPI SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic On 
SSPIOmitDomain Off 
require valid-user 
</Location> 
</IfModule> 
</VirtualHost>

When the user arrive at the site, the users is automatically logged in to the app. All was OK until last week. Now, the authentication window pops-up

And the following error [Wed Mar 30 08:52:53 2016] [error] [client 127.0.0.1] (OS 1326)Échec d’ouverture de session : nom d’utilisateur inconnu ou mot de passe incorrect. : user xxxx01: authentication failure for "/" [Wed Mar 30 08:52:53 2016] [error] [client 127.0.0.1] (OS 1326)Échec d’ouverture de session : nom d’utilisateur inconnu ou mot de passe incorrect. : user xxxx01: authentication failure for "/error/HTTP_UNAUTHORIZED.html.var"

This problem appears to have started when we applied the most recent windows update patch on our DC. We have since uninstalled the updates but the problem remains. The problem appears on all our Apache servers (on my local machine and on two servers) Here's some details about our environment: - Three apache 2.x servers on Windows 7 Pro, Windows 2008 R2 and Windows 2012 R2 - Two DC's, both Windows 2008 R2 We've tried a variety of changes to the mod_auth_sspi parameters (the domain, IP address, etc.) but we have not been successful.

Solution

  • Un moyen pour détourner le problème :

    <VirtualHost *:80> 
ServerName somapp 
DocumentRoot "C:/www/someapp 
<Directory C:/www/someapp> 
Order Allow,Deny 
Allow from all 
<IfModule mod_auth_sspi.c> 
#<Location />
AuthName "A Protected Place" 
AuthType SSPI SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic On 
SSPIOmitDomain Off 
require valid-user 
#</Location> 
</IfModule> 
</Directory> #mettre le tous dans Direction est supprimé Location
</VirtualHost>