[Cialug] apache2 authentication with Windows PDC

Tim Champion timchampion at gmail.com
Thu Dec 2 13:15:53 CST 2010


Scott - Yes, the ntlmdebug is set to 1.  I feel a little stupid here, but I
was looking for the error logs on the wrong machine.   My test server is, in
fact, showing connection failure errors in the apache error.log.

Chris -  You mentioned Kerberos authentication.  Correct me if I'm wrong,
but from what you described, it looks like you would have to export that
keytab file every time a user changes.  The goal I'm trying to reach here is
if a user is terminated on the PDC, that user would immediatly lose access
to the directory in question on the web server.  I don't want a process to
export a file.  Maybe that's not what you are suggesting, and if not, please
correct me.

Now that I figured out why I wasn't seeing error log entires :) I am
continuing to trouble shoot.

Tim Champion
timchampion at gmail.com


On Thu, Dec 2, 2010 at 12:17 PM, Scott Prader <sprader at iastate.edu> wrote:

> Hi Tim,
>
> Did you try setting the 'PerlSetVar ntlmdebug'* *variable? Even if it's
> only logging binary data, it might be possible to match it up with what's
> going on with the apache-side of things. If anything comes across, tcpdump
> is likely to catch it whether or not the log does.
>
> -Scott
>
> On Thu, Dec 2, 2010 at 11:49 AM, Tim Champion <timchampion at gmail.com>wrote:
>
>> I've been banging my head against a wall for a day or so here.
>>
>> I have an Ubuntu web server running apache2. What I want to do is have a
>> certain directory path (this path is browse-able, anybody is currently able
>> to view and download raw files) and I want a specific directory protected
>> with http authentication, and for that authentication to be against the
>> Windows PDC (in the same network).
>>
>> I've found this:
>>
>> http://manpages.ubuntu.com/manpages/maverick/man3/Apache2::AuthenNTLM.3pm.html
>> which tells me to use NTLM authentication, there's not enough information
>> here to get things working.
>>
>> What I have now is a <Location> section in apache2.conf that looks similar
>> to what is in the above link.  I am, of course, plugging in all my network
>> specific stuff (pdc, domain name, etc) I'm not really seeing anything in
>> error logs, I just get a Internal Server error on Firefox/Ubuntu, and a
>> "Forbidden" page on IE/Windows when I try and browse to the path.
>>
>> so, I guess I'm asking if anybody had done this sort of thing before, and
>> if so, can you point me in the right direction here?  I just don't have any
>> feeling for how to troubleshoot this. No logs I can find are updating on
>> failure.
>>
>> Tim Champion
>> timchampion at gmail.com
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>>
>
>
> --
> Scott Prader
> Undergraduate Electrical Engineer
> CARC, SSCL
> sprader at iastate.edu
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/cialug/attachments/20101202/d2bfddba/attachment.htm 


More information about the Cialug mailing list