So, what's the story
I want to enable NTLM auth in Apache and already installed ntlm library (mod_auth_ntlm), installed necessary VS redistributable and placed following strings to httpd.conf
LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
<Location /test >
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMOfferBasic off
<RequireAll>
<RequireAny>
Require valid-user
</RequireAny>
</RequireAll>
</Location>
Starting phpinfo - and there is no variables like REMOTE_USER, but ntlm library is successfully loaded
Any folder on web-server is accessible except /test folder - it just returns error 500
Apache error.log has following strings:
[Wed Feb 24 14:54:46.231132 2016] [authn_core:error] [pid 668:tid 1776] [client 10.16.66.19:53872] AH01796: AuthType NTLM configured without corresponding module
So, what's the catch? Any other possibilities?
Solution found!
Still, it's not NTLM library, but SSPI (mod-authn-sspi)
Download correct version of SSPI library (in case of Apache 2.4 it should be mod_authnz_sspi)
Unzip and put .so file into Apache /modules directory
Edit httpd.conf
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
<Directory "/test">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain KL
Require valid-user
</Directory>
Create directory /test in your www folder (/test is just exemplary folder) and place following .htaccess file
AuthName "authoriz"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
require valid-user
Of course, you can change AuthName
Try following php code in the /test directory
<?php
$cred = explode('\\',$_SERVER['REMOTE_USER']);
if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
list($domain, $user) = $cred;
echo "You appear to be user <B>$user</B><BR/>";
echo "logged into the Windows NT domain <B>$domain</B>";
?>
Should work!
Related
I'm running this control panel in Debian server: https://github.com/OpenGamePanel/OGP-Website/wiki
After the installation, I just have to access to Panel using my server IP.
But I want to protect it with user-password before accessing the site (to prevent inspect tools, info, or other tools) as I did with PHPMyAdmin URL:
https://i.stack.imgur.com/LdLKT.png
Added this: AllowOverride All
Here: sudo nano /etc/apache2/conf-available/phpmyadmin.conf
And this: AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Here: sudo nano /usr/share/phpmyadmin/.htaccess
But not sure how to do the same for this panel to protect the / URL
Thanks.
just create (or edit the existing) .htaccess file in the document root of your control panel with these contents
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/etc/phpmyadmin/.htpasswd"
Require valid-user
the user/password will be the same as for your phpmyadmin
Previously I used the IIS server as PHP server. Currently, it is the apache.
On IIS I could access to the variable $_SERVER ['REMOTE_USER'] which returns the username and domain (eg domain\user) but after installing XAMPP this variable is not available.
What I should do to get this variable get again?
My app is on local network with no-internet connection
Finally got it to works! :D
Download the module from here https://www.apachehaus.net/modules/mod_authnz_sspi/ (x86 for 32 bit and x64 for 64 bit apache)
Copy the mod_authnz_sspi.so from Apache24\modules folder and place it in the modules folder of your Apache folder on your webserver
Under the httpd.conf file (Config file for your apache) place this line of code. Try to load this as the last module:
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
Make sure that the following modules are uncommented
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
PS: both the above modules are required for this to work.
Place the following code in your httpd.conf file
<Directory "path/to/your/htcdocs/folder">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
Restart your apache servive and hopefully it should restart without any issues.
Now in order to recognise the user , use the following code on a php page
echo $_SERVER['PHP_AUTH_USER'];
That's all.
I'm using:
XAMPP Control Panel 3.2.1
APACHE 2.4
<Directory "path/to/your/htcdocs/folder">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
If you use ModRewrite or other I suggest you to keep
Options Indexes FollowSymLinks Includes ExecCGI
otherwise you'll get an error like
[rewrite:error]: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions
You can only access the remote user if Apache has actually authenticated the user, check the apache auth howto.
I battled with this for a long time, it turned out that I had to install VC redistributable to make it work.
This is driving me crazy. I have a Apache2 server with WebDAV enabled on my Debian Wheezy server. I can access it and read from it and it appears to be running correctly.
From my Windows 7 laptop I am running a software called NetDrive2 that mounts a network drive to my WebDAV folder so that I can access it with a drive letter.
Whenever I try to copy files from the Windows 7 laptop to my WebDAV drive, I sometimes get the error message:
Error 0x80070522: A required privilege is not held by the client."
The WebDAV folder has Basic AuthType and I have ofc provided correct user/pass. It is not SSL.
I have done some debugging myself and I am not sure, but it appears that I cannot create a folder that has the same name as a file in the same directory:
Folder:
- file.php
- file/ (cannot create this dir because file.php exists).
Anyone have any ideas? I am stuck!
OK so Googling further I finally found what was causing the problem. I cannot believe this is not mentioned in any tutorials out there.
This guy gave me the answer:
Apache Webdav, unable to create "test" folder when file test.txt exists
Basically, you have to add AllowOverride none, and Options None to your webdav directory.
This is my final configuration for my webdav host in Apache2:
Alias /devshed /home/www/sites/dev
Alias /devsheddav /home/www/sites/dev
<Directory /home/www/sites/dev/>
AllowOverride none
Order allow,deny
Allow from all
Options +Indexes +MultiViews
IndexOptions FancyIndexing
</Directory>
<Location /devshed>
DAV Off
Order allow,deny
Allow from all
AuthName "Pennybridge Devshed Web"
AuthType Basic
AuthUserFile /home/www/htaccess/sites/dev/dev.htpasswd
Require valid-user
</Location>
<Location /devsheddav>
DAV On
Options None
Order allow,deny
Allow from all
AuthName "Pennybridge Devshed WebDAV"
AuthType Basic
AuthUserFile /home/www/htaccess/sites/dev/dev.htpasswd
Require valid-user
php_flag engine off
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
DirectoryIndex disabled
</Location>
before this i was working on windows and my project was working proper. recently i moved to ubuntu and i am trying setup project on LAMP.
i have created host for this (windows i was running directly through localhost) and when i am running it getting 500 Internal server Error.
when i looked in my log file i got Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration.
.htaccess File
#php_value zend.ze1_compatibility_mode off
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /opt/lampp/htdocs/uniplex_mobile/.htpasswd
AuthGroupFile /dev/null
<Files manageurls.html>
require valid-user
</Files>
<Files addurl.html>
require valid-user
</Files>
<Files editurl.html>
require valid-user
</Files>
AddType application/x-httpd-php .php .htm .html
my project is on smarty framework.
can anyone help to solve this?
Thanks in advance
You can try this.
a2enmod authz_groupfile
Assuming you're using apache 2.2, this means you're missing the mod_authz_groupfile module.
You need to look in your server config and look for the line that contains:
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
or something similar and make sure it's commented out.
Otherwise, just leave out the AuthGroupFile directive, it doesn't look like you're using it anyways.
I got an error "AuthUserFile not specified in the configuration" in my error log file. how to fix it.
Here is my .htaccess file, its located in amazon file server.
## mod auth_mysql
AuthBasicAuthoritative Off
AuthMYSQL on
AuthMySQL_Authoritative on
AuthMySQL_DB dbname
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_Password_Table tbl_name
AuthMySQL_Username_Field user_name
AuthMySQL_Password_Field password
AuthMySQL_Empty_Passwords off
AuthMySQL_Encryption_Types SHA1Sum
# Standard auth stuff
AuthType Basic
AuthName "restricted zone"
Require valid-user
you shall simply put a
AuthUserFile /dev/null
in your .htaccess. That did the trick for me.
for the rest of the pain that brings the configuration of auth_mysql, you have my full comprehension :)
That error isn't refering to your .htaccess but rather the main httpd.conf Apache configuration file. Add that line to your httpd.conf and then restart your httpd service.