search

Legrandin / PyAuthenNTLM2

PyAuthenNTLM2 is an authentication module for Apache. It validates a user by means of the NTLM protocol and a separate Domain Controller (or Active Directory server).
Other
57 stars 42 forks source link

Unexpected error when checking membership #17

Open BenjaminBeck opened 10 years ago

BenjaminBeck commented 10 years ago

Hello, we have a error on some machines running Windows7 and Vista. With Windows XP its running fine.

So i think it must be some windows setting which is causing the error. We already tried the following registry-setting: “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel” to “1” http://technet.microsoft.com/en-us/library/cc960646.aspx

But the error still appears. Below you can see the error log. Do you have a idea what might be the cause?

[Wed Feb 26 10:37:04 2014] [info] [client 172.17.228.107] PYNTLM: Handling connection 0xD for GET URI /. 0 entries in connection cache.
[Wed Feb 26 10:37:04 2014] [info] [client 172.17.228.107] PYTNLM: Initiating connection to Active Directory server 123.123.123.123 (domain DOMAIN) using base DN "DC=DOMAIN,DC=INTERN".
[Wed Feb 26 10:37:04 2014] [info] [client 172.17.228.107] PYNTLM: Handling connection 0xD for GET URI /. 1 entries in connection cache.
[Wed Feb 26 10:37:04 2014] [notice] [client 172.17.228.107] PYNTLM: User ccc/DOMAIN has been authenticated to access URI /
[Wed Feb 26 10:37:04 2014] [error] [client 172.17.228.107] PYNTLM: Unexpected error when checking membership of ccc in groups ['GROUP-NAME'] for URI /: 
[Wed Feb 26 10:37:04 2014] [error] [client 172.17.228.107] Incorrect NTLM message in Authorization header for URI /: local variable 'res' referenced before assignment```
zenmedia commented 10 years ago

I found that the security group membership names are case sensitive and as a result requires you to enter it as "SecurityGroup" instead of "SECURITYGROUP" or whatever format you actually use.