Mod_auth_sspi is a difficult to find package. I have no idea where the current home page is, but I found something called 1.0.1 and I have fixed a bug in Basic authentication. I also added a new option called SSPIOmitDomain that will prevent the windows domain from being prepended onto the username.
Here are the files: My diff from the official 1.0.1 version
The whole source code of my version, along with the binary built for Apache 2.0.48
UPDATE: There is a movement underway to merge all of the various sspi patches into one.
http://www.gknw.net/development/apache/httpd-2.0/win32/modules/
Hi,
please post further comments here:
http://www.gknw.de/phpbb/viewforum.php?f=9
thanks!
Guenter.
http://www.gknw.net/development/apache/httpd-2.0/win32/modules/
has a new version 1.0.3
This has been added to SourceForge, it is up to version 1.0.4. http://sourceforge.net/projects/mod-auth-sspi
I am trying to configure mod_auth_sspi so that it authenticates for Active Driectory groups on Win2003 server. This is how I’ve got it so far in my httpd.conf file:
AuthType SSPI
SSPIAuth On
SSPIAuthoritative Off
SSPIOfferBasic Off
SSPIBasicPreferred Off
#require valid-user
# group_attr member
Require group SUSD\DO-DomainUser
SSPIDomain susd
SSPIOmitDomain Off
And while it works fine using require valid-user I can’t get it to work for groups.
Thanks.
Lsabug
Actually I have never tried “require group”, so it may be completely broken.
I am trying to configure mod_auth_sspi so that it authenticates for Active Driectory users on Win2003 server. This is how I’ve got it so far in my .htaccess file:
AuthName “A Protected Place”
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain iway.edu
SSPIOfferBasic On
# SSPIBasicPreferred
# SSPIUsernameCase lower
When i try to login to my Apache Server from a Domain XP client it shows me the site perfectly. And it does not ask for a user name and password.
How can i make sure that authentication is only done for users in my AD?
Any help is appreciated…
Thanx
Gayal
I want to integrate Apache with 2003 Domain controller. Kindly help me in this problem.
I am using Mod_auth_sspi 1.0.4 on apache 2.2.3 in a windows 2003 server. I am also using Mod_JK on apache to redirect the tomcat web pages.
The Mod_auth_sspi works fine for the htdocs, cgi-bin and bugzilla web pages. But for tomcat web pages, its not working.
Help please. Thanks in advance.
Everyone else seems to be further along than i am, so can someone tell me what i’m doing wrong? I’m using apache 2.2.3 with mod_auth_sspi 1.0.4 on win2k3 (not a DC) using AD. I’ve tried all the combinations of SSPI config in the httpd.conf, but no matter what, a 3 line login box (username, password, and domain) always pops up. The user does not have to enter anything, just hit enter, and authentication works fine. Why does the box pop up in the first place? User is running IE6.
Thanks for any ideas!
–j
Check that your IE is set to automatically logon (in intranet zone or alle zones). This is set in menu Tools/Internet/Options/Advanced.
The default is not to send, so then the server won’t see any username, and can’t login.
I’m new in apache environment. So please forgive me if i say something wrong.
I have downloaded mod_auth_sspi-1.0.4-2.2.2.zip.
Followed the instruction in the my_cfg.txt file.But something was wrong,because starting apache i got:”the request operation as failed” and apache doesnt start!! hope you can help me!!
Thanks, Marco
Integrating Apache with 2003 Domain controller gave me a heap of trouble as well, but I managed to finally get it right.
During integration Apache + Subversion with Windows Domain I have a problem – I can’t determine full-access rigths for group sub_rw and read-only rights for group sub_ro.
Here is my code:
Location /svn/>
DAV svn
SVNParentPath c:\svn
SVNListParentPath On
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain rtu
SSPIUsernameCase lower
SSPIPerRequestAuth on
SSPIOfferBasic On
AuthName “Subversion Repositories”
# AuthzSVNAccessFile “c:\svn\authz”
Require group rtu\sub_rw
Require group rtu\sub_ro
/Location>
Thank’s.
I am using SSPI to perform authentication for intranet access, SSPI validates the domain user and provides access, But I need to authenticate the non-domain users also through the login screen, i.e if SSPI fails, I need to go for Basic auth, get the user anme and password, then validate against the LDAP server. I would appreciate the help provided. Thanks in advance.
Jury: Your solution could look like this:
#Authentication needed for RW access
Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
Require group “DOMAIN\\RW_GROUP_NAME”
/Limit>
#Authentication needed for R access
Limit GET PROPFIND OPTIONS REPORT>
Require group “DOMAIN\\R_GROUP_NAME”
/Limit>
By the way: It is possible to use nested AD groups with SSPI. This is not possible with Apache 2.2.x when using LDAP, see Apache bug http://issues.apache.org/bugzilla/show_bug.cgi?id=42891.
I am using SSPI for an application to provide SSO.
When I test the application with
“http://localhost”, it works fine, I can get the user name, but when I test the same with “http://serverIp”, the browser always pops up the authentication to get the user name and always authentication fails.
Can you help me out.
Directory “path”>
AuthType SSPI
AuthName “Test Auth”
SSPIAuth On
SSPIOfferBasic Off
Require valid-user
/Directory>
Kamupathy,
Add your web server ip address or dns name into windows trusted zone as relevant and ust intergrated authentication of internet explorer.
thanks
Amila
AuthName “SVN Server”
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain YOUR_DOMAIN (not DOMAINNAME)
SSPIUsernameCase lower
Require group DOMAINENAME\USERGROUP
PS : use the last mod-auth-sspi (1.0.4 released)
http://sourceforge.net/projects/mod-auth-sspi
http://mod-auth-sspi.sourceforge.net/docu/mod_ntlm/faq.html